[seam-commits] Seam SVN: r11950 - in modules/security/trunk/src/main/java/org/jboss/seam/security: permission and 1 other directory.
seam-commits at lists.jboss.org
seam-commits at lists.jboss.org
Wed Jan 13 05:35:44 EST 2010
Author: shane.bryzak at jboss.com
Date: 2010-01-13 05:35:44 -0500 (Wed, 13 Jan 2010)
New Revision: 11950
Modified:
modules/security/trunk/src/main/java/org/jboss/seam/security/Identity.java
modules/security/trunk/src/main/java/org/jboss/seam/security/RememberMe.java
modules/security/trunk/src/main/java/org/jboss/seam/security/SecurityEventMessages.java
modules/security/trunk/src/main/java/org/jboss/seam/security/SecurityInterceptor.java
modules/security/trunk/src/main/java/org/jboss/seam/security/permission/EntityIdentifierStrategy.java
modules/security/trunk/src/main/java/org/jboss/seam/security/permission/JpaPermissionStore.java
modules/security/trunk/src/main/java/org/jboss/seam/security/permission/PermissionManager.java
modules/security/trunk/src/main/java/org/jboss/seam/security/permission/PermissionMapper.java
modules/security/trunk/src/main/java/org/jboss/seam/security/permission/PersistentPermissionResolver.java
modules/security/trunk/src/main/java/org/jboss/seam/security/permission/RuleBasedPermissionResolver.java
Log:
fixed remaining compiler errors
Modified: modules/security/trunk/src/main/java/org/jboss/seam/security/Identity.java
===================================================================
--- modules/security/trunk/src/main/java/org/jboss/seam/security/Identity.java 2010-01-13 08:54:19 UTC (rev 11949)
+++ modules/security/trunk/src/main/java/org/jboss/seam/security/Identity.java 2010-01-13 10:35:44 UTC (rev 11950)
@@ -27,7 +27,6 @@
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
-import org.jboss.seam.el.Expressions;
import org.jboss.seam.security.callbacks.AuthenticatorCallback;
import org.jboss.seam.security.callbacks.IdentityCallback;
import org.jboss.seam.security.callbacks.IdentityManagerCallback;
@@ -66,7 +65,6 @@
@Inject private BeanManager manager;
@Inject private Credentials credentials;
@Inject private PermissionMapper permissionMapper;
- @Inject private Expressions expressions;
@Inject private IdentityManager identityManager;
@@ -150,6 +148,9 @@
* the user is authenticated
*/
// QUESTION should we add the dependency on el-api for the sake of avoiding reinstantiating the VE?
+
+ // TODO redesign restrictions system to be typesafe
+ /*
public void checkRestriction(ValueExpression expression)
{
if (!securityEnabled)
@@ -174,7 +175,7 @@
"Authorization check failed for expression [%s]", expression.getExpressionString()));
}
}
- }
+ }*/
/**
* Performs an authorization check, based on the specified security expression string.
@@ -185,6 +186,8 @@
* @throws AuthorizationException Thrown if the authorization check fails and
* the user is authenticated
*/
+
+ /*
public void checkRestriction(String expr)
{
if (!securityEnabled)
@@ -193,7 +196,7 @@
}
checkRestriction(expressions.createValueExpression(expr, Boolean.class).toUnifiedValueExpression());
- }
+ }*/
/**
* Attempts to authenticate the user. This method is distinct to the
@@ -626,10 +629,11 @@
* @param expr String The expression to evaluate
* @return boolean The result of the expression evaluation
*/
+ /*
protected boolean evaluateExpression(String expr)
{
return expressions.createValueExpression(expr, Boolean.class).getValue();
- }
+ }*/
public String getJaasConfigName()
{
Modified: modules/security/trunk/src/main/java/org/jboss/seam/security/RememberMe.java
===================================================================
--- modules/security/trunk/src/main/java/org/jboss/seam/security/RememberMe.java 2010-01-13 08:54:19 UTC (rev 11949)
+++ modules/security/trunk/src/main/java/org/jboss/seam/security/RememberMe.java 2010-01-13 10:35:44 UTC (rev 11950)
@@ -18,7 +18,7 @@
import org.jboss.seam.security.events.QuietLoginEvent;
import org.jboss.seam.security.management.IdentityManager;
import org.jboss.seam.security.util.Base64;
-import org.jboss.seam.web.ManagedCookie;
+//import org.jboss.seam.web.ManagedCookie;
/**
* Remember-me functionality is provided by this class, in two different flavours. The first mode
@@ -28,6 +28,7 @@
*
* Use the auto-login mode with caution!
*
+ *
* @author Shane Bryzak
*/
@Named
@@ -42,15 +43,17 @@
@Inject Identity identity;
@Inject Credentials credentials;
@Inject IdentityManager identityManager;
+
+ // Heaps of stuff commented out here because we need to add generic cookie support
- private ManagedCookie usernameSelector;
- private ManagedCookie tokenSelector;
+ //private ManagedCookie usernameSelector;
+ //private ManagedCookie tokenSelector;
private TokenStore tokenStore;
private boolean enabled;
- private int cookieMaxAge = ManagedCookie.DEFAULT_MAX_AGE;
+ //private int cookieMaxAge = ManagedCookie.DEFAULT_MAX_AGE;
private boolean autoLoggedIn;
@@ -60,6 +63,7 @@
public RememberMe() {}
+ /*
public
@Inject
void create()
@@ -130,7 +134,7 @@
}
}
}
- }
+ }*/
public void quietLogin(@Observes QuietLoginEvent event)
{
@@ -179,7 +183,7 @@
}
}
}
-
+ /*
public void postAuthenticate(@Observes PostAuthenticateEvent event)
{
if (mode.equals(Mode.usernameOnly))
@@ -218,14 +222,16 @@
}
}
}
+ */
+ /*
public void loggedOut(@Observes LoggedOutEvent event)
{
if (mode.equals(Mode.autoLogin))
{
tokenSelector.clearCookieValue();
}
- }
+ }*/
public Mode getMode()
{
@@ -242,6 +248,7 @@
return enabled;
}
+ /*
public void setEnabled(boolean enabled)
{
if (this.enabled != enabled)
@@ -258,15 +265,16 @@
tokenSelector.setCookieEnabled(enabled);
}
}
- }
+ }*/
+ /*
public int getCookieMaxAge() {
return cookieMaxAge;
}
public void setCookieMaxAge(int cookieMaxAge) {
this.cookieMaxAge = cookieMaxAge;
- }
+ }*/
public TokenStore getTokenStore()
{
Modified: modules/security/trunk/src/main/java/org/jboss/seam/security/SecurityEventMessages.java
===================================================================
--- modules/security/trunk/src/main/java/org/jboss/seam/security/SecurityEventMessages.java 2010-01-13 08:54:19 UTC (rev 11949)
+++ modules/security/trunk/src/main/java/org/jboss/seam/security/SecurityEventMessages.java 2010-01-13 10:35:44 UTC (rev 11950)
@@ -4,8 +4,8 @@
import javax.inject.Inject;
import javax.enterprise.event.Observes;
-import org.jboss.seam.international.StatusMessages;
-import org.jboss.seam.international.StatusMessage.Severity;
+//import org.jboss.seam.international.StatusMessages;
+//import org.jboss.seam.international.StatusMessage.Severity;
import org.jboss.seam.security.events.AlreadyLoggedInEvent;
import org.jboss.seam.security.events.LoggedInEvent;
import org.jboss.seam.security.events.LoginFailedEvent;
@@ -32,7 +32,7 @@
private static final String DEFAULT_ALREADY_LOGGED_IN_MESSAGE = "You're already logged in. Please log out first if you wish to log in again.";
private static final String DEFAULT_NOT_LOGGED_IN_MESSAGE = "Please log in first.";
- @Inject StatusMessages statusMessages;
+ //@Inject StatusMessages statusMessages;
@Inject Credentials credentials;
public void postAuthenticate(@Observes PostAuthenticateEvent event)
@@ -44,29 +44,48 @@
public void addLoginFailedMessage(@Observes LoginFailedEvent event)
{
- statusMessages.addFromResourceBundleOrDefault(getLoginFailedMessageSeverity(), getLoginFailedMessageKey(), getDefaultLoginFailedMessage(), event.getLoginException());
+ //statusMessages.addFromResourceBundleOrDefault(getLoginFailedMessageSeverity(), getLoginFailedMessageKey(), getDefaultLoginFailedMessage(), event.getLoginException());
}
public void addLoginSuccessMessage(@Observes LoggedInEvent event)
{
- statusMessages.addFromResourceBundleOrDefault(getLoginSuccessfulMessageSeverity(), getLoginSuccessfulMessageKey(), getDefaultLoginSuccessfulMessage(), credentials.getUsername());
+ // statusMessages.addFromResourceBundleOrDefault(getLoginSuccessfulMessageSeverity(), getLoginSuccessfulMessageKey(), getDefaultLoginSuccessfulMessage(), credentials.getUsername());
}
public void addAlreadyLoggedInMessage(@Observes AlreadyLoggedInEvent event)
{
- statusMessages.addFromResourceBundleOrDefault(getAlreadyLoggedInMessageSeverity(), getAlreadyLoggedInMessageKey(), getDefaultAlreadyLoggedInMessage());
+ //statusMessages.addFromResourceBundleOrDefault(getAlreadyLoggedInMessageSeverity(), getAlreadyLoggedInMessageKey(), getDefaultAlreadyLoggedInMessage());
}
public void addNotLoggedInMessage(@Observes NotLoggedInEvent event)
{
- statusMessages.addFromResourceBundleOrDefault(getNotLoggedInMessageSeverity(), getNotLoggedInMessageKey(), getDefaultNotLoggedInMessage());
+ //statusMessages.addFromResourceBundleOrDefault(getNotLoggedInMessageSeverity(), getNotLoggedInMessageKey(), getDefaultNotLoggedInMessage());
}
- public Severity getLoginFailedMessageSeverity()
+ // TODO the following methods should probably be moved to the seam-jsf module,
+ // or otherwise message severities should be abstracted in seam-international
+
+ /*public Severity getLoginFailedMessageSeverity()
{
return Severity.INFO;
}
+
+ public Severity getLoginSuccessfulMessageSeverity()
+ {
+ return Severity.INFO;
+ }
+ public Severity getAlreadyLoggedInMessageSeverity()
+ {
+ return Severity.INFO;
+ }
+
+ public Severity getNotLoggedInMessageSeverity()
+ {
+ return Severity.WARN;
+ }
+*/
+
public String getLoginFailedMessageKey()
{
return LOGIN_FAILED_MESSAGE_KEY;
@@ -77,10 +96,6 @@
return DEFAULT_LOGIN_FAILED_MESSAGE;
}
- public Severity getLoginSuccessfulMessageSeverity()
- {
- return Severity.INFO;
- }
public String getLoginSuccessfulMessageKey()
{
@@ -91,12 +106,7 @@
{
return DEFAULT_LOGIN_SUCCESSFUL_MESSAGE;
}
-
- public Severity getAlreadyLoggedInMessageSeverity()
- {
- return Severity.INFO;
- }
-
+
public String getAlreadyLoggedInMessageKey()
{
return ALREADY_LOGGED_IN_MESSAGE_KEY;
@@ -107,11 +117,6 @@
return DEFAULT_ALREADY_LOGGED_IN_MESSAGE;
}
- public Severity getNotLoggedInMessageSeverity()
- {
- return Severity.WARN;
- }
-
public String getNotLoggedInMessageKey()
{
return NOT_LOGGED_IN_MESSAGE_KEY;
Modified: modules/security/trunk/src/main/java/org/jboss/seam/security/SecurityInterceptor.java
===================================================================
--- modules/security/trunk/src/main/java/org/jboss/seam/security/SecurityInterceptor.java 2010-01-13 08:54:19 UTC (rev 11949)
+++ modules/security/trunk/src/main/java/org/jboss/seam/security/SecurityInterceptor.java 2010-01-13 10:35:44 UTC (rev 11950)
@@ -111,10 +111,11 @@
{
if (Identity.isSecurityEnabled())
{
- if (expression != null)
+ // TODO rewrite EL based restrictions
+ /*if (expression != null)
{
identity.checkRestriction(expression);
- }
+ }*/
if (methodRestrictions != null)
{
Modified: modules/security/trunk/src/main/java/org/jboss/seam/security/permission/EntityIdentifierStrategy.java
===================================================================
--- modules/security/trunk/src/main/java/org/jboss/seam/security/permission/EntityIdentifierStrategy.java 2010-01-13 08:54:19 UTC (rev 11949)
+++ modules/security/trunk/src/main/java/org/jboss/seam/security/permission/EntityIdentifierStrategy.java 2010-01-13 10:35:44 UTC (rev 11950)
@@ -9,7 +9,6 @@
import javax.persistence.Entity;
import javax.persistence.EntityManager;
-import org.jboss.seam.el.Expressions;
import org.jboss.seam.security.annotations.permission.Identifier;
import org.jboss.seam.security.util.Strings;
Modified: modules/security/trunk/src/main/java/org/jboss/seam/security/permission/JpaPermissionStore.java
===================================================================
--- modules/security/trunk/src/main/java/org/jboss/seam/security/permission/JpaPermissionStore.java 2010-01-13 08:54:19 UTC (rev 11949)
+++ modules/security/trunk/src/main/java/org/jboss/seam/security/permission/JpaPermissionStore.java 2010-01-13 10:35:44 UTC (rev 11950)
@@ -10,21 +10,21 @@
import java.util.Set;
import javax.enterprise.context.ApplicationScoped;
+import javax.enterprise.inject.Instance;
+import javax.enterprise.inject.spi.BeanManager;
import javax.inject.Inject;
-import javax.enterprise.inject.spi.BeanManager;
import javax.persistence.EntityManager;
import javax.persistence.Query;
import org.jboss.seam.security.Role;
-import org.jboss.seam.security.SimplePrincipal;
import org.jboss.seam.security.annotations.permission.PermissionAction;
import org.jboss.seam.security.annotations.permission.PermissionDiscriminator;
import org.jboss.seam.security.annotations.permission.PermissionRole;
import org.jboss.seam.security.annotations.permission.PermissionTarget;
import org.jboss.seam.security.annotations.permission.PermissionUser;
import org.jboss.seam.security.management.IdentityManager;
+import org.jboss.seam.security.management.IdentityStore;
import org.jboss.seam.security.management.JpaIdentityStore;
-import org.jboss.seam.security.management.JpaIdentityStoreConfig;
import org.jboss.seam.security.management.LdapIdentityStore;
import org.jboss.seam.security.permission.PermissionMetadata.ActionSet;
import org.jboss.seam.security.util.AnnotatedBeanProperty;
@@ -65,7 +65,10 @@
@Inject IdentifierPolicy identifierPolicy;
@Inject BeanManager manager;
@Inject IdentityManager identityManager;
+ @Inject IdentityStore identityStore;
+ @Inject Instance<EntityManager> entityManagerInstance;
+
@Inject
public void init()
{
@@ -526,21 +529,21 @@
protected Object resolvePrincipalEntity(Principal recipient)
{
boolean recipientIsRole = recipient instanceof Role;
+
+ if (identityStore != null && identityStore instanceof JpaIdentityStore)
+ {
+ // TODO review this code
- JpaIdentityStore identityStore = BeanManagerHelper.getInstanceByType(manager, JpaIdentityStore.class);
- JpaIdentityStoreConfig config = BeanManagerHelper.getInstanceByType(manager, JpaIdentityStoreConfig.class);
-
- if (identityStore != null)
- {
- if (recipientIsRole && roleProperty.isSet() &&
- roleProperty.getPropertyType().equals(config.getRoleEntityClass()))
+ if (recipientIsRole && roleProperty.isSet() //&&
+ //roleProperty.getPropertyType().equals(config.getRoleEntityClass()))
+ )
{
- return identityStore.lookupRole(recipient.getName());
+ return ((JpaIdentityStore) identityStore).lookupRole(recipient.getName());
}
- else if (userProperty.getPropertyType().equals(config.getUserEntityClass()))
- {
- return identityStore.lookupUser(recipient.getName());
- }
+ //else if (userProperty.getPropertyType().equals(config.getUserEntityClass()))
+ //{
+ //return ((JpaIdentityStore) identityStore).lookupUser(recipient.getName());
+ //}
}
return recipient.getName();
@@ -549,10 +552,10 @@
protected Principal resolvePrincipal(Object principal, boolean isUser)
{
identityManager.getRoleIdentityStore();
+
+ // TODO review this
- JpaIdentityStore identityStore = BeanManagerHelper.getInstanceByType(manager, JpaIdentityStore.class);
- JpaIdentityStoreConfig config = BeanManagerHelper.getInstanceByType(manager, JpaIdentityStoreConfig.class);
-
+ /*
if (principal instanceof String)
{
return isUser ? new SimplePrincipal((String) principal) : new Role((String) principal,
@@ -571,7 +574,7 @@
String name = identityStore.getRoleName(principal);
return new Role(name, identityStore.isRoleConditional(name));
}
- }
+ }*/
throw new IllegalArgumentException("Cannot resolve principal name for principal " + principal);
}
@@ -753,7 +756,7 @@
private EntityManager lookupEntityManager()
{
- return BeanManagerHelper.getInstanceByType(manager, EntityManager.class);
+ return entityManagerInstance.get();
}
public Class<?> getUserPermissionClass()
Modified: modules/security/trunk/src/main/java/org/jboss/seam/security/permission/PermissionManager.java
===================================================================
--- modules/security/trunk/src/main/java/org/jboss/seam/security/permission/PermissionManager.java 2010-01-13 08:54:19 UTC (rev 11949)
+++ modules/security/trunk/src/main/java/org/jboss/seam/security/permission/PermissionManager.java 2010-01-13 10:35:44 UTC (rev 11950)
@@ -7,8 +7,8 @@
import javax.inject.Named;
import org.jboss.seam.security.Identity;
-import org.jboss.webbeans.log.Log;
-import org.jboss.webbeans.log.Logger;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
/**
* Permission management component, used to grant or revoke permissions on specific objects or of
@@ -25,7 +25,7 @@
public static final String PERMISSION_GRANT = "seam.grant-permission";
public static final String PERMISSION_REVOKE = "seam.revoke-permission";
- @Logger Log log;
+ private Logger log = LoggerFactory.getLogger(PermissionManager.class);
@Inject PermissionStore permissionStore;
@Inject Identity identity;
Modified: modules/security/trunk/src/main/java/org/jboss/seam/security/permission/PermissionMapper.java
===================================================================
--- modules/security/trunk/src/main/java/org/jboss/seam/security/permission/PermissionMapper.java 2010-01-13 08:54:19 UTC (rev 11949)
+++ modules/security/trunk/src/main/java/org/jboss/seam/security/permission/PermissionMapper.java 2010-01-13 10:35:44 UTC (rev 11950)
@@ -12,7 +12,6 @@
import javax.enterprise.inject.spi.Bean;
import javax.enterprise.inject.spi.BeanManager;
-import org.jboss.seam.beans.BeanManagerHelper;
import org.jboss.seam.security.events.DefaultResolverChainCreatedEvent;
/**
@@ -35,7 +34,7 @@
private ResolverChain getResolverChain(Object target, String action)
{
- Class targetClass = null;
+ Class<?> targetClass = null;
if (target instanceof Class)
{
@@ -47,12 +46,15 @@
// we need to deal with all of these possibilities
}
+ // TODO configure resolver chains differently - scan for all beans of type ResolverChain
+
+ /*
if (targetClass != null)
{
Map<String,String> chains = resolverChains.get(target);
if (chains != null && chains.containsKey(action))
{
- return (ResolverChain) BeanManagerHelper.getInstanceByName(manager, chains.get(action));
+ return (ResolverChain) BeanManagerHelper.getInstanceByName(manager, chains.get(action));
}
}
@@ -60,6 +62,7 @@
{
return (ResolverChain) BeanManagerHelper.getInstanceByName(manager,defaultResolverChain);
}
+ */
return createDefaultResolverChain();
}
Modified: modules/security/trunk/src/main/java/org/jboss/seam/security/permission/PersistentPermissionResolver.java
===================================================================
--- modules/security/trunk/src/main/java/org/jboss/seam/security/permission/PersistentPermissionResolver.java 2010-01-13 08:54:19 UTC (rev 11949)
+++ modules/security/trunk/src/main/java/org/jboss/seam/security/permission/PersistentPermissionResolver.java 2010-01-13 10:35:44 UTC (rev 11950)
@@ -5,15 +5,12 @@
import java.util.List;
import java.util.Set;
-import javax.inject.Inject;
import javax.enterprise.inject.spi.BeanManager;
+import javax.inject.Inject;
-import org.jboss.seam.beans.BeanManagerHelper;
import org.jboss.seam.security.Identity;
import org.jboss.seam.security.Role;
import org.jboss.seam.security.SimplePrincipal;
-import org.jboss.webbeans.log.Log;
-import org.jboss.webbeans.log.Logger;
/**
* Resolves dynamically-assigned permissions, mapped to a user or a role, and kept in persistent
@@ -24,28 +21,11 @@
public class PersistentPermissionResolver implements PermissionResolver, Serializable
{
private static final long serialVersionUID = -603389172032219059L;
-
- private PermissionStore permissionStore;
- @Logger Log log;
-
@Inject BeanManager manager;
@Inject Identity identity;
@Inject RuleBasedPermissionResolver ruleBasedPermissionResolver;
-
- @Inject
- public void initPermissionStore()
- {
- if (permissionStore == null)
- {
- permissionStore = BeanManagerHelper.getInstanceByType(manager, JpaPermissionStore.class);
- }
-
- if (permissionStore == null)
- {
- log.warn("no permission store available - please install a PermissionStore if persistent permissions are required.");
- }
- }
+ @Inject PermissionStore permissionStore;
public PermissionStore getPermissionStore()
{
@@ -103,7 +83,7 @@
String username = identity.getPrincipal().getName();
- Iterator iter = targets.iterator();
+ Iterator<?> iter = targets.iterator();
while (iter.hasNext())
{
Object target = iter.next();
Modified: modules/security/trunk/src/main/java/org/jboss/seam/security/permission/RuleBasedPermissionResolver.java
===================================================================
--- modules/security/trunk/src/main/java/org/jboss/seam/security/permission/RuleBasedPermissionResolver.java 2010-01-13 08:54:19 UTC (rev 11949)
+++ modules/security/trunk/src/main/java/org/jboss/seam/security/permission/RuleBasedPermissionResolver.java 2010-01-13 10:35:44 UTC (rev 11950)
@@ -17,14 +17,14 @@
import org.drools.FactHandle;
import org.drools.RuleBase;
import org.drools.StatefulSession;
-import org.drools.base.ClassObjectFilter;
+import org.drools.ClassObjectFilter;
import org.jboss.seam.drools.SeamGlobalResolver;
import org.jboss.seam.security.Identity;
import org.jboss.seam.security.Role;
import org.jboss.seam.security.events.LoggedOutEvent;
import org.jboss.seam.security.events.PostAuthenticateEvent;
-import org.jboss.webbeans.log.Log;
-import org.jboss.webbeans.log.Logger;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
/**
* A permission resolver that uses a Drools rule base to perform permission checks
@@ -36,7 +36,7 @@
{
private static final long serialVersionUID = -7572627522601793024L;
- @Logger Log log;
+ private Logger log = LoggerFactory.getLogger(RuleBasedPermissionResolver.class);
private StatefulSession securityContext;
@@ -214,7 +214,8 @@
Principal role = (Principal) e.nextElement();
boolean found = false;
- Iterator<Role> iter = getSecurityContext().iterateObjects(new ClassObjectFilter(Role.class));
+ Iterator<Role> iter = (Iterator<Role>) getSecurityContext()
+ .iterateObjects(new ClassObjectFilter(Role.class));
while (iter.hasNext())
{
Role r = iter.next();
@@ -234,7 +235,8 @@
}
}
- Iterator<Role> iter = getSecurityContext().iterateObjects(new ClassObjectFilter(Role.class));
+ Iterator<Role> iter = (Iterator<Role>) getSecurityContext()
+ .iterateObjects(new ClassObjectFilter(Role.class));
while (iter.hasNext())
{
Role r = iter.next();
More information about the seam-commits
mailing list