Author: shane.bryzak(a)jboss.com
Date: 2008-10-14 08:40:56 -0400 (Tue, 14 Oct 2008)
New Revision: 9299
Modified:
trunk/src/main/org/jboss/seam/security/SecurityInterceptor.java
Log:
avoid EL if possible
Modified: trunk/src/main/org/jboss/seam/security/SecurityInterceptor.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/SecurityInterceptor.java 2008-10-14 12:36:51
UTC (rev 9298)
+++ trunk/src/main/org/jboss/seam/security/SecurityInterceptor.java 2008-10-14 12:40:56
UTC (rev 9299)
@@ -36,6 +36,9 @@
{
private String expression;
+ private String permissionTarget;
+ private String permissionAction;
+
private Map<String, Object> methodRestrictions;
private Map<Integer,Set<String>> paramRestrictions;
private Set<String> roleRestrictions;
@@ -45,6 +48,16 @@
this.expression = expression;
}
+ public void setPermissionTarget(String target)
+ {
+ this.permissionTarget = target;
+ }
+
+ public void setPermissionAction(String action)
+ {
+ this.permissionAction = action;
+ }
+
public void addMethodRestriction(Object target, String action)
{
if (methodRestrictions == null)
@@ -123,6 +136,11 @@
Identity.instance().checkRole(role);
}
}
+
+ if (permissionTarget != null && permissionAction != null)
+ {
+ Identity.instance().checkPermission(permissionTarget, permissionAction);
+ }
}
}
}
@@ -169,8 +187,16 @@
if (restrict != null)
{
if (restriction == null) restriction = new Restriction();
- restriction.setExpression(!Strings.isEmpty( restrict.value() ) ?
- restrict.value() : createDefaultExpr(method));
+
+ if ( Strings.isEmpty(restrict.value()) )
+ {
+ restriction.setPermissionTarget(getComponent().getName());
+ restriction.setPermissionAction(method.getName());
+ }
+ else
+ {
+ restriction.setExpression(restrict.value());
+ }
}
for (Annotation annotation : method.getDeclaringClass().getAnnotations())
@@ -251,19 +277,6 @@
}
}
- /**
- * Creates a default security expression for a specified method. The method must
- * be a method of a Seam component.
- *
- * @param method The method for which to create a default permission expression
- * @return The generated security expression.
- */
- private String createDefaultExpr(Method method)
- {
- return String.format( "#{s:hasPermission('%s','%s')}",
- getComponent().getName(), method.getName() );
- }
-
public boolean isInterceptorEnabled()
{
return getComponent().isSecure() &&
!getComponent().beanClassHasAnnotation("javax.jws.WebService");
Show replies by date