Seam SVN: r8120 - in trunk/examples/seamspace: view and 1 other directory.
by seam-commits@lists.jboss.org
Author: shane.bryzak(a)jboss.com
Date: 2008-05-06 23:10:20 -0400 (Tue, 06 May 2008)
New Revision: 8120
Added:
trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/ImagePermission.java
trunk/examples/seamspace/view/imagepermissions.page.xml
trunk/examples/seamspace/view/imagepermissions.xhtml
Removed:
trunk/examples/seamspace/view/permissionmanager.page.xml
trunk/examples/seamspace/view/permissionmanager.xhtml
Modified:
trunk/examples/seamspace/view/pictures.xhtml
Log:
replace generic permission manager with target-specific manager
Added: trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/ImagePermission.java
===================================================================
--- trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/ImagePermission.java (rev 0)
+++ trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/ImagePermission.java 2008-05-07 03:10:20 UTC (rev 8120)
@@ -0,0 +1,108 @@
+package org.jboss.seam.example.seamspace;
+
+import static org.jboss.seam.ScopeType.CONVERSATION;
+
+import java.io.Serializable;
+import java.util.List;
+
+import javax.persistence.EntityManager;
+
+import org.jboss.seam.annotations.Begin;
+import org.jboss.seam.annotations.In;
+import org.jboss.seam.annotations.Name;
+import org.jboss.seam.annotations.Scope;
+import org.jboss.seam.core.Conversation;
+import org.jboss.seam.security.management.IdentityManager;
+import org.jboss.seam.security.permission.PermissionManager;
+import org.jboss.seam.security.permission.action.PermissionSearch;
+
+@Name("imagePermission")
+@Scope(CONVERSATION)
+public class ImagePermission implements Serializable
+{
+ private static final long serialVersionUID = -4943654157860780587L;
+
+ private List<String> selectedRoles;
+ private List<Member> selectedFriends;
+ private List<String> selectedActions;
+
+ private List<String> availableRoles;
+ private List<Member> availableFriends;
+ private List<String> availableActions;
+
+ @In IdentityManager identityManager;
+ @In PermissionManager permissionManager;
+
+ @In EntityManager entityManager;
+
+ @In PermissionSearch permissionSearch;
+
+ private MemberImage target;
+
+ @SuppressWarnings("unchecked")
+ @Begin(nested = true)
+ public void createPermission()
+ {
+ target = (MemberImage) permissionSearch.getTarget();
+
+ availableRoles = identityManager.listRoles();
+ availableFriends = entityManager.createQuery(
+ "select f.friend from MemberFriend f where f.member = :member and f.authorized = true")
+ .setParameter("member", target.getMember())
+ .getResultList();
+
+ availableActions = permissionManager.listAvailableActions(target);
+ }
+
+ public List<String> getSelectedRoles()
+ {
+ return selectedRoles;
+ }
+
+ public void setSelectedRoles(List<String> selectedRoles)
+ {
+ this.selectedRoles = selectedRoles;
+ }
+
+ public List<Member> getSelectedFriends()
+ {
+ return selectedFriends;
+ }
+
+ public void setSelectedFriends(List<Member> selectedFriends)
+ {
+ this.selectedFriends = selectedFriends;
+ }
+
+ public List<String> getSelectedActions()
+ {
+ return selectedActions;
+ }
+
+ public void setSelectedActions(List<String> selectedActions)
+ {
+ this.selectedActions = selectedActions;
+ }
+
+ public void applyPermissions()
+ {
+
+
+ Conversation.instance().end();
+ }
+
+ public List<String> getAvailableRoles()
+ {
+ return availableRoles;
+ }
+
+ public List<Member> getAvailableFriends()
+ {
+ return availableFriends;
+ }
+
+ public List<String> getAvailableActions()
+ {
+ return availableActions;
+ }
+}
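Review bot: createPermission() performs no authorization of its own; the only visible gate is the `rendered="#{s:hasPermission(permissionSearch.target, 'seam.grant-permission')}"` attribute on the button in imagepermissions.xhtml, which hides the control but does not protect the method. A call such as `Identity.instance().checkPermission(target, "seam.grant-permission");` right after the target is assigned would mirror what PermissionManager.revokePermission does for revocation (it needs the Identity import). The cast `(MemberImage) permissionSearch.getTarget()` is also unguarded: a non-image target throws ClassCastException there and a null target throws at `target.getMember()`. applyPermissions() is still a stub that only ends the conversation; once it is filled in, selectedRoles, selectedFriends and selectedActions come from the submitted form and should be checked against the corresponding available* lists before anything is granted.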
Added: trunk/examples/seamspace/view/imagepermissions.page.xml
===================================================================
--- trunk/examples/seamspace/view/imagepermissions.page.xml (rev 0)
+++ trunk/examples/seamspace/view/imagepermissions.page.xml 2008-05-07 03:10:20 UTC (rev 8120)
@@ -0,0 +1,7 @@
+<!DOCTYPE page PUBLIC
+ "-//JBoss/Seam Pages Configuration DTD 1.2//EN"
+ "http://jboss.com/products/seam/pages-1.2.dtd">
+
+<page action="#{permissionSearch.refresh}">
+
+</page>
\ No newline at end of file
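Review bot: No `<restrict>` element is declared on this page, unlike usermanager.page.xml and rolemanager.page.xml from r8116, so the page action `#{permissionSearch.refresh}` runs for whoever requests the view. Whether PermissionSearch or the permission store checks that the caller may read the permissions of the current target is not visible here; if neither does, the recipients and actions recorded for an image are readable by anyone who can reach the view. Consider adding a `<restrict>` with an `s:hasPermission(permissionSearch.target, ...)` expression, or document where the read check is enforced. The same applies to permissionmanager.page.xml as added in r8116.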
Added: trunk/examples/seamspace/view/imagepermissions.xhtml
===================================================================
--- trunk/examples/seamspace/view/imagepermissions.xhtml (rev 0)
+++ trunk/examples/seamspace/view/imagepermissions.xhtml 2008-05-07 03:10:20 UTC (rev 8120)
@@ -0,0 +1,77 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"
+ xmlns:ui="http://java.sun.com/jsf/facelets"
+ xmlns:h="http://java.sun.com/jsf/html"
+ xmlns:f="http://java.sun.com/jsf/core"
+ xmlns:s="http://jboss.com/products/seam/taglib">
+
+ <ui:composition template="template.xhtml">
+
+ <ui:define name="head">
+ <link href="style/security.css" rel="stylesheet" type="text/css"/>
+ </ui:define>
+
+ <ui:define name="content">
+
+ <script type="text/javascript">
+ function confirmRevoke()
+ {
+ return confirm("Are you sure you wish to revoke this permission? This action cannot be undone.");
+ }
+ </script>
+
+ <div id="contentMain">
+
+ <h2>Image Permissions</h2>
+
+ <div style="float: left">
+ <h3>Managing permissions for image:</h3>
+ </div>
+
+ <div class="thumbnail" style="float:right">
+ <h:graphicImage value="/content/images?id=#{permissionSearch.target.imageId}&width=90"/>
+ </div>
+
+ <br class="clear"/>
+
+ <s:button action="#{imagePermission.createPermission}"
+ styleClass="newpermission"
+ rendered="#{s:hasPermission(permissionSearch.target, 'seam.grant-permission')}"/>
+
+ <h:dataTable
+ id="threads"
+ value="#{permissions}"
+ var="permission"
+ styleClass="security"
+ cellspacing="0"
+ headerClass="header"
+ rowClasses="odd,even"
+ columnClasses=",,action">
+ <h:column width="auto">
+ <f:facet name="header">
+ Recipient
+ </f:facet>
+ #{permission.recipient}
+ </h:column>
+ <h:column width="auto">
+ <f:facet name="header">
+ Actions Allowed
+ </f:facet>
+ #{permission.action}
+ </h:column>
+ <h:column width="auto">
+ <f:facet name="header">
+ Action
+ </f:facet>
+ <s:link value="Revoke All" action="#{permissionSearch.revokeSelected}"
+ rendered="#{s:hasPermission(permissionSearch.target, 'seam.revoke-permission')}"
+ onclick="return confirmRevoke()"/>
+ </h:column>
+ </h:dataTable>
+
+ </div>
+
+ </ui:define>
+
+ </ui:composition>
+</html>
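Review bot: The "Revoke All" control is an `s:link`, so revocation is triggered by a GET request and is guarded in the view only by the `rendered` expression and the JavaScript `confirmRevoke()` prompt. The page it replaces called `permissionManager.revokePermission(...)`, which checks `PERMISSION_REVOKE` through `Identity.instance().checkPermission`; the new `permissionSearch.revokeSelected` is not part of this commit, so it should be confirmed that it delegates to PermissionManager rather than calling the store directly. A state-changing action like this is better issued from an `h:commandLink` inside an `h:form`, so that it is a POST tied to the JSF view state.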
Deleted: trunk/examples/seamspace/view/permissionmanager.page.xml
===================================================================
--- trunk/examples/seamspace/view/permissionmanager.page.xml 2008-05-07 03:07:40 UTC (rev 8119)
+++ trunk/examples/seamspace/view/permissionmanager.page.xml 2008-05-07 03:10:20 UTC (rev 8120)
@@ -1,7 +0,0 @@
-<!DOCTYPE page PUBLIC
- "-//JBoss/Seam Pages Configuration DTD 1.2//EN"
- "http://jboss.com/products/seam/pages-1.2.dtd">
-
-<page action="#{permissionSearch.refresh}">
-
-</page>
\ No newline at end of file
Deleted: trunk/examples/seamspace/view/permissionmanager.xhtml
===================================================================
--- trunk/examples/seamspace/view/permissionmanager.xhtml 2008-05-07 03:07:40 UTC (rev 8119)
+++ trunk/examples/seamspace/view/permissionmanager.xhtml 2008-05-07 03:10:20 UTC (rev 8120)
@@ -1,69 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"
- xmlns:ui="http://java.sun.com/jsf/facelets"
- xmlns:h="http://java.sun.com/jsf/html"
- xmlns:f="http://java.sun.com/jsf/core"
- xmlns:s="http://jboss.com/products/seam/taglib">
-
- <ui:composition template="template.xhtml">
-
- <ui:define name="head">
- <link href="style/security.css" rel="stylesheet" type="text/css"/>
- </ui:define>
-
- <ui:define name="content">
-
- <script type="text/javascript">
- function confirmDelete()
- {
- return confirm("Are you sure you wish to revoke this permission? This action cannot be undone.");
- }
- </script>
-
- <div id="contentMain">
-
- <h2>Permission Manager</h2>
-
- <h3>Managing permissions for: #{permissionSearch.target}</h3>
-
- <s:button action="#{permissionAction.createPermission}"
- styleClass="newpermission"
- rendered="#{s:hasPermission(permissionSearch.target, 'seam.grant-permission')}"/>
-
- <h:dataTable
- id="threads"
- value="#{permissions}"
- var="permission"
- styleClass="security"
- cellspacing="0"
- headerClass="header"
- rowClasses="odd,even"
- columnClasses=",,enabled,action">
- <h:column width="auto">
- <f:facet name="header">
- Recipient
- </f:facet>
- #{permission.recipient}
- </h:column>
- <h:column width="auto">
- <f:facet name="header">
- Actions Allowed
- </f:facet>
- #{permission.action}
- </h:column>
- <h:column width="auto">
- <f:facet name="header">
- Action
- </f:facet>
- <s:link value="Revoke" action="#{permissionManager.revokePermission(permissionSearch.selectedPermission)}"
- rendered="#{s:hasPermission(permissionSearch.target, 'seam.revoke-permission')}"
- onclick="return confirmDelete()"/>
- </h:column>
- </h:dataTable>
-
- </div>
-
- </ui:define>
-
- </ui:composition>
-</html>
Modified: trunk/examples/seamspace/view/pictures.xhtml
===================================================================
--- trunk/examples/seamspace/view/pictures.xhtml 2008-05-07 03:07:40 UTC (rev 8119)
+++ trunk/examples/seamspace/view/pictures.xhtml 2008-05-07 03:10:20 UTC (rev 8120)
@@ -45,7 +45,7 @@
<a href="content/images?id=#{img.imageId}" rel="lightbox[pictureset]" title="#{img.caption}">
<h:graphicImage value="/content/images?id=#{img.imageId}&width=90" border="0"/>
</a>
- <s:button view="/permissionmanager.seam" action="#{permissionSearch.search(pictureSearch.lookupImage())}" styleClass="padlock">
+ <s:button view="/imagepermissions.seam" action="#{permissionSearch.search(pictureSearch.lookupImage())}" styleClass="padlock">
<f:param name="imageId" value="#{img.imageId}"/>
</s:button>
<s:button styleClass="trash"/>
Seam SVN: r8119 - in trunk/src/main/org/jboss/seam: annotations/security/permission and 1 other directories.
by seam-commits@lists.jboss.org
Author: shane.bryzak(a)jboss.com
Date: 2008-05-06 23:07:40 -0400 (Tue, 06 May 2008)
New Revision: 8119
Added:
trunk/src/main/org/jboss/seam/annotations/security/permission/Permission.java
trunk/src/main/org/jboss/seam/annotations/security/permission/Permissions.java
Removed:
trunk/src/main/org/jboss/seam/annotations/security/AclFlag.java
trunk/src/main/org/jboss/seam/annotations/security/AclFlags.java
Modified:
trunk/src/main/org/jboss/seam/security/permission/JpaPermissionStore.java
trunk/src/main/org/jboss/seam/security/permission/PermissionManager.java
trunk/src/main/org/jboss/seam/security/permission/PermissionStore.java
Log:
refactored annotations, add method for listing available permission actions
Deleted: trunk/src/main/org/jboss/seam/annotations/security/AclFlag.java
===================================================================
--- trunk/src/main/org/jboss/seam/annotations/security/AclFlag.java 2008-05-05 16:49:14 UTC (rev 8118)
+++ trunk/src/main/org/jboss/seam/annotations/security/AclFlag.java 2008-05-07 03:07:40 UTC (rev 8119)
@@ -1,24 +0,0 @@
-package org.jboss.seam.annotations.security;
-
-import static java.lang.annotation.ElementType.TYPE;
-import static java.lang.annotation.RetentionPolicy.RUNTIME;
-
-import java.lang.annotation.Documented;
-import java.lang.annotation.Inherited;
-import java.lang.annotation.Retention;
-import java.lang.annotation.Target;
-
-/**
- * Maps a permission for the target class to a bit value
- *
- * @author Shane Bryzak
- */
-@Target({TYPE})
-@Documented
-@Retention(RUNTIME)
-@Inherited
-public @interface AclFlag
-{
- long mask();
- String action();
-}
Deleted: trunk/src/main/org/jboss/seam/annotations/security/AclFlags.java
===================================================================
--- trunk/src/main/org/jboss/seam/annotations/security/AclFlags.java 2008-05-05 16:49:14 UTC (rev 8118)
+++ trunk/src/main/org/jboss/seam/annotations/security/AclFlags.java 2008-05-07 03:07:40 UTC (rev 8119)
@@ -1,23 +0,0 @@
-package org.jboss.seam.annotations.security;
-
-import static java.lang.annotation.ElementType.TYPE;
-import static java.lang.annotation.RetentionPolicy.RUNTIME;
-
-import java.lang.annotation.Documented;
-import java.lang.annotation.Inherited;
-import java.lang.annotation.Retention;
-import java.lang.annotation.Target;
-
-/**
- * Specifies a list of ACL flags for a class
- *
- * @author Shane Bryzak
- */
-@Target({TYPE})
-@Documented
-@Retention(RUNTIME)
-@Inherited
-public @interface AclFlags
-{
- AclFlag[] value() default {};
-}
Added: trunk/src/main/org/jboss/seam/annotations/security/permission/Permission.java
===================================================================
--- trunk/src/main/org/jboss/seam/annotations/security/permission/Permission.java (rev 0)
+++ trunk/src/main/org/jboss/seam/annotations/security/permission/Permission.java 2008-05-07 03:07:40 UTC (rev 8119)
@@ -0,0 +1,25 @@
+package org.jboss.seam.annotations.security.permission;
+
+import static java.lang.annotation.ElementType.TYPE;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.Inherited;
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+
+/**
+ * Specifies an allowable permission action for the target class, and allows for an optional bit mask
+ * value for mapping the permission action to a persistent store
+ *
+ * @author Shane Bryzak
+ */
+@Target({TYPE})
+@Documented
+@Retention(RUNTIME)
+@Inherited
+public @interface Permission
+{
+ String action();
+ long mask() default 0;
+}
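Review bot: `mask()` defaults to 0 and the Javadoc does not say what 0 means. In a store that keeps actions as bits of one value, a mask of 0 can neither be set nor tested, and two actions left at the default would be indistinguishable; presumably 0 is meant as "not mask-mapped", which is worth stating. Suggested member comments: `/** Name of the permission action, e.g. "view". */` on `action()` and `/** Bit value used by bitmask-based stores; 0 means no mask is assigned. */` on `mask()`.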
Added: trunk/src/main/org/jboss/seam/annotations/security/permission/Permissions.java
===================================================================
--- trunk/src/main/org/jboss/seam/annotations/security/permission/Permissions.java (rev 0)
+++ trunk/src/main/org/jboss/seam/annotations/security/permission/Permissions.java 2008-05-07 03:07:40 UTC (rev 8119)
@@ -0,0 +1,23 @@
+package org.jboss.seam.annotations.security.permission;
+
+import static java.lang.annotation.ElementType.TYPE;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.Inherited;
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+
+/**
+ * Specifies a list of permission actions for a class
+ *
+ * @author Shane Bryzak
+ */
+@Target({TYPE})
+@Documented
+@Retention(RUNTIME)
+@Inherited
+public @interface Permissions
+{
+ Permission[] value() default {};
+}
Modified: trunk/src/main/org/jboss/seam/security/permission/JpaPermissionStore.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/JpaPermissionStore.java 2008-05-05 16:49:14 UTC (rev 8118)
+++ trunk/src/main/org/jboss/seam/security/permission/JpaPermissionStore.java 2008-05-07 03:07:40 UTC (rev 8119)
@@ -430,6 +430,12 @@
{
return listPermissions(target, null);
}
+
+ public List<String> listAvailableActions(Object target)
+ {
+ // TODO implement
+ return null;
+ }
private EntityManager lookupEntityManager()
{
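Review bot: The stub `listAvailableActions` returns `null`, and PermissionManager.listAvailableActions in this commit hands that value straight to its callers. Until it is implemented, `throw new UnsupportedOperationException("listAvailableActions is not implemented");` makes the gap explicit; alternatively return an empty list, which fails closed (no grantable actions) and spares view code a null check. The hunk ends inside the class, at the opening of lookupEntityManager().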
Modified: trunk/src/main/org/jboss/seam/security/permission/PermissionManager.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/PermissionManager.java 2008-05-05 16:49:14 UTC (rev 8118)
+++ trunk/src/main/org/jboss/seam/security/permission/PermissionManager.java 2008-05-07 03:07:40 UTC (rev 8119)
@@ -108,4 +108,9 @@
Identity.instance().checkPermission(permission.getTarget(), PERMISSION_REVOKE);
return permissionStore.revokePermission(permission);
}
+
+ public List<String> listAvailableActions(Object target)
+ {
+ return permissionStore.listAvailableActions(target);
+ }
}
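Review bot: `listAvailableActions` is the only method visible in this hunk that reaches the store without an `Identity.instance().checkPermission(...)` call; `revokePermission` directly above checks `PERMISSION_REVOKE` first. If the omission is deliberate because the result is only a list of action names for the target, a Javadoc saying so would stop a later reader from treating it as an oversight, e.g. `/** Lists the action names that may be granted on target; performs no permission check. */`. The method is reachable from EL (permissiondetail.xhtml calls it from an `s:selectItems`), so the decision should be explicit.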
Modified: trunk/src/main/org/jboss/seam/security/permission/PermissionStore.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/PermissionStore.java 2008-05-05 16:49:14 UTC (rev 8118)
+++ trunk/src/main/org/jboss/seam/security/permission/PermissionStore.java 2008-05-07 03:07:40 UTC (rev 8119)
@@ -13,4 +13,5 @@
List<Permission> listPermissions(Object target, String action);
boolean grantPermission(Permission permission);
boolean revokePermission(Permission permission);
+ List<String> listAvailableActions(Object target);
}
Seam SVN: r8118 - trunk/src/main/META-INF.
by seam-commits@lists.jboss.org
Author: norman.richards(a)jboss.com
Date: 2008-05-05 12:49:14 -0400 (Mon, 05 May 2008)
New Revision: 8118
Modified:
trunk/src/main/META-INF/components.xml
Log:
JBSEAM-2888
Modified: trunk/src/main/META-INF/components.xml
===================================================================
--- trunk/src/main/META-INF/components.xml 2008-05-05 16:46:18 UTC (rev 8117)
+++ trunk/src/main/META-INF/components.xml 2008-05-05 16:49:14 UTC (rev 8118)
@@ -19,6 +19,6 @@
<import>org.jboss.seam.security.permission</import>
<import>org.jboss.seam.captcha</import>
- <factory name="webSession" auto-create="true" scope="stateless" value="#{org.jboss.seam.web.session}" />
+ <factory name="org.jboss.seam.web.webSession" auto-create="true" scope="stateless" value="#{org.jboss.seam.web.session}" />
</components>
Seam SVN: r8117 - trunk/src/main/META-INF.
by seam-commits@lists.jboss.org
Author: norman.richards(a)jboss.com
Date: 2008-05-05 12:46:18 -0400 (Mon, 05 May 2008)
New Revision: 8117
Modified:
trunk/src/main/META-INF/components.xml
Log:
JBSEAM-2888
Modified: trunk/src/main/META-INF/components.xml
===================================================================
--- trunk/src/main/META-INF/components.xml 2008-05-05 13:55:04 UTC (rev 8116)
+++ trunk/src/main/META-INF/components.xml 2008-05-05 16:46:18 UTC (rev 8117)
@@ -18,5 +18,7 @@
<import>org.jboss.seam.security.management</import>
<import>org.jboss.seam.security.permission</import>
<import>org.jboss.seam.captcha</import>
-
+
+ <factory name="webSession" auto-create="true" scope="stateless" value="#{org.jboss.seam.web.session}" />
+
</components>
Seam SVN: r8116 - in trunk/examples/seamspace: resources/META-INF and 3 other directories.
by seam-commits@lists.jboss.org
Author: shane.bryzak(a)jboss.com
Date: 2008-05-05 09:55:04 -0400 (Mon, 05 May 2008)
New Revision: 8116
Added:
trunk/examples/seamspace/view/permissiondetail.xhtml
trunk/examples/seamspace/view/permissionmanager.page.xml
trunk/examples/seamspace/view/roledetail.page.xml
trunk/examples/seamspace/view/rolemanager.page.xml
trunk/examples/seamspace/view/userdetail.page.xml
trunk/examples/seamspace/view/usermanager.page.xml
Modified:
trunk/examples/seamspace/resources/META-INF/security-rules.drl
trunk/examples/seamspace/resources/WEB-INF/pages.xml
trunk/examples/seamspace/resources/import.sql
trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/MemberImage.java
trunk/examples/seamspace/view/permissionmanager.xhtml
trunk/examples/seamspace/view/pictures.xhtml
Log:
extract user/permission management .page.xml files from pages.xml for easier distribution
Modified: trunk/examples/seamspace/resources/META-INF/security-rules.drl
===================================================================
--- trunk/examples/seamspace/resources/META-INF/security-rules.drl 2008-05-05 13:53:54 UTC (rev 8115)
+++ trunk/examples/seamspace/resources/META-INF/security-rules.drl 2008-05-05 13:55:04 UTC (rev 8116)
@@ -28,6 +28,19 @@
check.grant();
end
+# This rule allows members to revoke permissions on their images to other users/roles
+
+rule RevokeImagePermissions
+ no-loop
+ activation-group "permissions"
+when
+ acct: MemberAccount()
+ image: MemberImage(mbr : member -> (mbr.memberId.equals(acct.member.memberId)))
+ check: PermissionCheck(target == image, action == "seam.revoke-permission", granted == false)
+then
+ check.grant();
+end
+
rule ViewProfileImage
no-loop
activation-group "permissions"
Modified: trunk/examples/seamspace/resources/WEB-INF/pages.xml
===================================================================
--- trunk/examples/seamspace/resources/WEB-INF/pages.xml 2008-05-05 13:53:54 UTC (rev 8115)
+++ trunk/examples/seamspace/resources/WEB-INF/pages.xml 2008-05-05 13:55:04 UTC (rev 8116)
@@ -63,46 +63,6 @@
</page>
- <page view-id="/usermanager.xhtml" action="#{userSearch.loadUsers}">
- <restrict>#{s:hasPermission('seam.user', 'read')}</restrict>
-
- <navigation from-action="#{userAction.createUser}">
- <redirect view-id="/userdetail.xhtml"/>
- </navigation>
-
- <navigation from-action="#{userAction.editUser(userSearch.selectedUser)}">
- <redirect view-id="/userdetail.xhtml"/>
- </navigation>
- </page>
-
- <page view-id="/rolemanager.xhtml" action="#{roleSearch.loadRoles}">
- <restrict>#{s:hasPermission('seam.role', 'read')}</restrict>
-
- <navigation from-action="#{roleAction.createRole}">
- <redirect view-id="/roledetail.xhtml"/>
- </navigation>
-
- <navigation from-action="#{roleAction.editRole(roleSearch.selectedRole)}">
- <redirect view-id="/roledetail.xhtml"/>
- </navigation>
- </page>
-
- <page view-id="/userdetail.xhtml">
- <navigation from-action="#{userAction.save}">
- <rule if-outcome="success">
- <redirect view-id="/usermanager.xhtml"/>
- </rule>
- </navigation>
- </page>
-
- <page view-id="/roledetail.xhtml">
- <navigation from-action="#{roleAction.save}">
- <rule if-outcome="success">
- <redirect view-id="/rolemanager.xhtml"/>
- </rule>
- </navigation>
- </page>
-
<page view-id="/profile.xhtml">
<param name="name" value="#{selectedMember.memberName}"/>
Modified: trunk/examples/seamspace/resources/import.sql
===================================================================
--- trunk/examples/seamspace/resources/import.sql 2008-05-05 13:53:54 UTC (rev 8115)
+++ trunk/examples/seamspace/resources/import.sql 2008-05-05 13:55:04 UTC (rev 8116)
@@ -33,6 +33,8 @@
update Member set picture_id = 3 where memberid = 3;
update Member set picture_id = 4 where memberid = 4;
+insert into AccountPermission (permissionId, recipient, target, action, discriminator) values (1, 'friends', 'MemberImage:5', 'view', 'role');
+
insert into MemberBlog (blogid, member_id, entrydate, title, text) values (1, 1, '2007-01-05', 'My first blog entry!', '*Lorem ipsum* dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.');
insert into MemberBlog (blogid, member_id, entrydate, title, text) values (2, 1, '2007-01-07', 'I love latin', 'Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae dicta sunt explicabo. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur magni dolores eos qui ratione voluptatem sequi nesciunt. Neque porro quisquam est, qui dolorem ipsum quia dolor sit amet, consectetur, adipisci velit, sed quia non numquam eius modi tempora incidunt ut labore et dolore magnam aliquam quaerat voluptatem. Ut enim ad minima veniam, quis nostrum exercitationem ullam corporis suscipit laboriosam, nisi ut aliquid ex ea commodi consequatur? Quis autem vel eum iure reprehenderit qui in ea voluptate velit esse quam nihil molestiae consequatur, vel illum qui dolorem eum fugiat quo voluptas nulla pariatur?');
Modified: trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/MemberImage.java
===================================================================
--- trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/MemberImage.java 2008-05-05 13:53:54 UTC (rev 8115)
+++ trunk/examples/seamspace/src/org/jboss/seam/example/seamspace/MemberImage.java 2008-05-05 13:55:04 UTC (rev 8116)
@@ -9,10 +9,7 @@
import javax.persistence.Lob;
import javax.persistence.ManyToOne;
-import org.jboss.seam.annotations.Name;
-
@Entity
-@Name("memberImage")
public class MemberImage implements Serializable
{
private static final long serialVersionUID = -8088455267213832920L;
Added: trunk/examples/seamspace/view/permissiondetail.xhtml
===================================================================
--- trunk/examples/seamspace/view/permissiondetail.xhtml (rev 0)
+++ trunk/examples/seamspace/view/permissiondetail.xhtml 2008-05-05 13:55:04 UTC (rev 8116)
@@ -0,0 +1,63 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"
+ xmlns:ui="http://java.sun.com/jsf/facelets"
+ xmlns:h="http://java.sun.com/jsf/html"
+ xmlns:f="http://java.sun.com/jsf/core"
+ xmlns:rich="http://richfaces.org/rich"
+ xmlns:s="http://jboss.com/products/seam/taglib">
+
+ <ui:composition template="template.xhtml">
+
+ <ui:define name="head">
+ <link href="style/security.css" rel="stylesheet" type="text/css"/>
+ </ui:define>
+
+ <ui:define name="content">
+
+ <div id="contentMain">
+
+ <h2>Permission Details</h2>
+
+ <h:messages globalOnly="true"/>
+
+ <h3>Granting permissions for: #{permissionSearch.target}</h3>
+
+ <h:form>
+
+ <div class="formRow">
+ <h:outputLabel for="recipient" value="Recipient" styleClass="formLabel"/>
+ <h:inputText id="recipient" value="#{permissionAction.recipient}"/>
+ <div class="validationError"><h:message for="recipient"/></div>
+ </div>
+
+ <div class="formRow">
+ <h:outputLabel for="action" value="Action" styleClass="formLabel"/>
+ <h:inputText id="action" value="#{permissionAction.action}"/>
+ <div class="validationError"><h:message for="action"/></div>
+ </div>
+
+ <div class="formRow">
+ <h:outputLabel for="actions" value="Allowable actions" styleClass="formLabel"/>
+ <div class="selectMany">
+ <h:selectManyCheckbox id="actions" value="#{permissionAction.actions}" layout="pageDirection" styleClass="roles">
+ <s:selectItems value="#{permissionManager.listAvailableActions(permissionAction.target)}" var="action" label="#{action}"/>
+ </h:selectManyCheckbox>
+ </div>
+ <div class="validationError"><h:message for="actions"/></div>
+ </div>
+
+ <div class="formButtons">
+ <h:commandButton value="Save" action="#{permissionAction.save}" styleClass="formButton"/>
+ <s:button view="/permissionmanager.xhtml" value="Cancel" propagation="end" styleClass="formButton"/>
+ </div>
+
+ <br class="clear"/>
+
+ </h:form>
+
+ </div>
+
+ </ui:define>
+
+ </ui:composition>
+</html>
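Review bot: The form offers a free-text `h:inputText` for both `permissionAction.recipient` and `permissionAction.action` next to the `actions` checkbox list, so the submitted values are not limited to what `listAvailableActions` returns. `permissionAction.save` is not shown in this commit; it needs to reject an action that is not available for the target, resolve the recipient to an existing user or role, and enforce the grant permission on the target itself rather than relying on the view. The heading displays `permissionSearch.target` while the checkbox list uses `permissionAction.target`; if the two can differ, the user is shown one object and grants on another. Neither input is marked `required="true"`.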
Added: trunk/examples/seamspace/view/permissionmanager.page.xml
===================================================================
--- trunk/examples/seamspace/view/permissionmanager.page.xml (rev 0)
+++ trunk/examples/seamspace/view/permissionmanager.page.xml 2008-05-05 13:55:04 UTC (rev 8116)
@@ -0,0 +1,7 @@
+<!DOCTYPE page PUBLIC
+ "-//JBoss/Seam Pages Configuration DTD 1.2//EN"
+ "http://jboss.com/products/seam/pages-1.2.dtd">
+
+<page action="#{permissionSearch.refresh}">
+
+</page>
\ No newline at end of file
Modified: trunk/examples/seamspace/view/permissionmanager.xhtml
===================================================================
--- trunk/examples/seamspace/view/permissionmanager.xhtml 2008-05-05 13:53:54 UTC (rev 8115)
+++ trunk/examples/seamspace/view/permissionmanager.xhtml 2008-05-05 13:55:04 UTC (rev 8116)
@@ -16,7 +16,7 @@
<script type="text/javascript">
function confirmDelete()
{
- return confirm("Are you sure you wish to delete this permission? This action cannot be undone.");
+ return confirm("Are you sure you wish to revoke this permission? This action cannot be undone.");
}
</script>
@@ -55,8 +55,7 @@
<f:facet name="header">
Action
</f:facet>
-
- <s:link value="Delete" action="#{permissionManager.revokePermission(permissionSearch.selectedPermission)}"
+ <s:link value="Revoke" action="#{permissionManager.revokePermission(permissionSearch.selectedPermission)}"
rendered="#{s:hasPermission(permissionSearch.target, 'seam.revoke-permission')}"
onclick="return confirmDelete()"/>
</h:column>
Modified: trunk/examples/seamspace/view/pictures.xhtml
===================================================================
--- trunk/examples/seamspace/view/pictures.xhtml 2008-05-05 13:53:54 UTC (rev 8115)
+++ trunk/examples/seamspace/view/pictures.xhtml 2008-05-05 13:55:04 UTC (rev 8116)
@@ -45,7 +45,7 @@
<a href="content/images?id=#{img.imageId}" rel="lightbox[pictureset]" title="#{img.caption}">
<h:graphicImage value="/content/images?id=#{img.imageId}&width=90" border="0"/>
</a>
- <s:button view="/permissionmanager.seam" action="#{permissionSearch.loadPermissions(pictureSearch.lookupImage())}" styleClass="padlock">
+ <s:button view="/permissionmanager.seam" action="#{permissionSearch.search(pictureSearch.lookupImage())}" styleClass="padlock">
<f:param name="imageId" value="#{img.imageId}"/>
</s:button>
<s:button styleClass="trash"/>
Added: trunk/examples/seamspace/view/roledetail.page.xml
===================================================================
--- trunk/examples/seamspace/view/roledetail.page.xml (rev 0)
+++ trunk/examples/seamspace/view/roledetail.page.xml 2008-05-05 13:55:04 UTC (rev 8116)
@@ -0,0 +1,11 @@
+<!DOCTYPE page PUBLIC
+ "-//JBoss/Seam Pages Configuration DTD 1.2//EN"
+ "http://jboss.com/products/seam/pages-1.2.dtd">
+
+<page>
+ <navigation from-action="#{roleAction.save}">
+ <rule if-outcome="success">
+ <redirect view-id="/rolemanager.xhtml"/>
+ </rule>
+ </navigation>
+</page>
\ No newline at end of file
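Review bot: roledetail.page.xml carries no `<restrict>`, while rolemanager.page.xml in the same commit requires `#{s:hasPermission('seam.role', 'read')}`; userdetail.page.xml has the same gap relative to usermanager.page.xml. The removed pages.xml entries were unrestricted as well, so this is inherited, but the split is a good moment to add at least `<restrict>#{s:hasPermission('seam.role', 'read')}</restrict>` here (and the `'seam.user'` equivalent there) so the edit form cannot be opened by direct navigation. Whether `roleAction.save` checks permissions on its own is not visible in this diff.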
Added: trunk/examples/seamspace/view/rolemanager.page.xml
===================================================================
--- trunk/examples/seamspace/view/rolemanager.page.xml (rev 0)
+++ trunk/examples/seamspace/view/rolemanager.page.xml 2008-05-05 13:55:04 UTC (rev 8116)
@@ -0,0 +1,15 @@
+<!DOCTYPE page PUBLIC
+ "-//JBoss/Seam Pages Configuration DTD 1.2//EN"
+ "http://jboss.com/products/seam/pages-1.2.dtd">
+
+<page action="#{roleSearch.loadRoles}">
+ <restrict>#{s:hasPermission('seam.role', 'read')}</restrict>
+
+ <navigation from-action="#{roleAction.createRole}">
+ <redirect view-id="/roledetail.xhtml"/>
+ </navigation>
+
+ <navigation from-action="#{roleAction.editRole(roleSearch.selectedRole)}">
+ <redirect view-id="/roledetail.xhtml"/>
+ </navigation>
+</page>
\ No newline at end of file
Added: trunk/examples/seamspace/view/userdetail.page.xml
===================================================================
--- trunk/examples/seamspace/view/userdetail.page.xml (rev 0)
+++ trunk/examples/seamspace/view/userdetail.page.xml 2008-05-05 13:55:04 UTC (rev 8116)
@@ -0,0 +1,11 @@
+<!DOCTYPE page PUBLIC
+ "-//JBoss/Seam Pages Configuration DTD 1.2//EN"
+ "http://jboss.com/products/seam/pages-1.2.dtd">
+
+<page>
+ <navigation from-action="#{userAction.save}">
+ <rule if-outcome="success">
+ <redirect view-id="/usermanager.xhtml"/>
+ </rule>
+ </navigation>
+</page>
\ No newline at end of file
Added: trunk/examples/seamspace/view/usermanager.page.xml
===================================================================
--- trunk/examples/seamspace/view/usermanager.page.xml (rev 0)
+++ trunk/examples/seamspace/view/usermanager.page.xml 2008-05-05 13:55:04 UTC (rev 8116)
@@ -0,0 +1,15 @@
+<!DOCTYPE page PUBLIC
+ "-//JBoss/Seam Pages Configuration DTD 1.2//EN"
+ "http://jboss.com/products/seam/pages-1.2.dtd">
+
+<page action="#{userSearch.loadUsers}">
+ <restrict>#{s:hasPermission('seam.user', 'read')}</restrict>
+
+ <navigation from-action="#{userAction.createUser}">
+ <redirect view-id="/userdetail.xhtml"/>
+ </navigation>
+
+ <navigation from-action="#{userAction.editUser(userSearch.selectedUser)}">
+ <redirect view-id="/userdetail.xhtml"/>
+ </navigation>
+</page>
\ No newline at end of file
16 years, 7 months
Seam SVN: r8115 - in trunk/src/main/org/jboss/seam/security/permission: action and 1 other directory.
by seam-commits@lists.jboss.org
Author: shane.bryzak(a)jboss.com
Date: 2008-05-05 09:53:54 -0400 (Mon, 05 May 2008)
New Revision: 8115
Modified:
trunk/src/main/org/jboss/seam/security/permission/JpaPermissionStore.java
trunk/src/main/org/jboss/seam/security/permission/PermissionManager.java
trunk/src/main/org/jboss/seam/security/permission/action/PermissionSearch.java
Log:
fix permission check, optimized queries
Modified: trunk/src/main/org/jboss/seam/security/permission/JpaPermissionStore.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/JpaPermissionStore.java 2008-05-05 09:02:56 UTC (rev 8114)
+++ trunk/src/main/org/jboss/seam/security/permission/JpaPermissionStore.java 2008-05-05 13:53:54 UTC (rev 8115)
@@ -45,8 +45,10 @@
@BypassInterceptors
public class JpaPermissionStore implements PermissionStore, Serializable
{
- private static final LogProvider log = Logging.getLogProvider(JpaPermissionStore.class);
+ private static final LogProvider log = Logging.getLogProvider(JpaPermissionStore.class);
+ private enum Discrimination { user, role, either }
+
private ValueExpression<EntityManager> entityManager;
private Class userPermissionClass;
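Review bot: `Discrimination` is declared `private`, but later in this commit it becomes a parameter type of the `protected` method `createPermissionQuery`. A subclass cannot name a private nested type, so it can neither call nor override that method, and the `protected` modifier no longer gives subclasses a usable extension point. Declaring it as `protected enum Discrimination { user, role, either }` keeps the signature usable. The constants would also read more conventionally as `USER, ROLE, EITHER`.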
@@ -68,7 +70,8 @@
@Create
public void init()
- {
+ {
+ // TODO see if we can scan for this automatically
if (userPermissionClass == null)
{
log.debug("No permissionClass set, JpaDynamicPermissionStore will be unavailable.");
@@ -147,28 +150,31 @@
}
}
- protected Query createPermissionQuery(Object target, String action, Principal recipient, boolean isRole)
+ protected Query createPermissionQuery(Object target, String action, Principal recipient,
+ Discrimination discrimination)
{
int queryKey = ((target != null) ? 1 : 0);
queryKey |= (action != null ? 2 : 0);
queryKey |= (recipient != null ? 4 : 0);
- queryKey |= (isRole ? 8 : 0);
+ queryKey |= (discrimination.equals(Discrimination.user) ? 8 : 0);
+ queryKey |= (discrimination.equals(Discrimination.role) ? 16 : 0);
+ queryKey |= (discrimination.equals(Discrimination.either) ? 32 : 0);
+ boolean isRole = discrimination.equals(Discrimination.role) && rolePermissionClass != null;
+
if (!queryCache.containsKey(queryKey))
{
boolean conditionsAdded = false;
StringBuilder q = new StringBuilder();
q.append("select p from ");
- q.append(isRole && rolePermissionClass != null ? rolePermissionClass.getName() :
- userPermissionClass.getName());
+ q.append(isRole ? rolePermissionClass.getName() : userPermissionClass.getName());
q.append(" p");
if (target != null)
{
q.append(" where ");
- q.append(isRole && rolePermissionClass != null ? roleTargetProperty.getName() :
- targetProperty.getName());
+ q.append(isRole ? roleTargetProperty.getName() : targetProperty.getName());
q.append(" = :target");
conditionsAdded = true;
}
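Review bot: `createPermissionQuery` has no documentation, and the meaning of `Discrimination.either` is not obvious from the signature. `isRole` is true only for `Discrimination.role` with a non-null `rolePermissionClass`, so `either` always queries `userPermissionClass`, and a later hunk shows it also omits the discriminator condition. I would add a Javadoc saying that a null target, action or recipient drops that condition. It should also say that `either` means "query the user permission class with no discriminator filter", which is not the same as "query both classes". The enum comparisons would read better as `discrimination == Discrimination.role` than `.equals(...)`. The method body continues past this hunk.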
@@ -176,8 +182,7 @@
if (action != null)
{
q.append(conditionsAdded ? " and " : " where ");
- q.append(isRole && rolePermissionClass != null ? roleActionProperty.getName() :
- actionProperty.getName());
+ q.append(isRole ? roleActionProperty.getName() : actionProperty.getName());
q.append(" = :action");
conditionsAdded = true;
}
@@ -185,13 +190,13 @@
if (recipient != null)
{
q.append(conditionsAdded ? " and " : " where ");
- q.append(isRole && rolePermissionClass != null ? roleProperty.getName() :
- userProperty.getName());
+ q.append(isRole ? roleProperty.getName() : userProperty.getName());
q.append(" = :recipient");
conditionsAdded = true;
}
- if (discriminatorProperty != null)
+ // If there is no discrimination, then don't add such a condition to the query
+ if (!discrimination.equals(Discrimination.either) && discriminatorProperty != null)
{
q.append(conditionsAdded ? " and " : " where ");
q.append(discriminatorProperty.getName());
@@ -207,8 +212,13 @@
if (target != null) query.setParameter("target", identifierPolicy.getIdentifier(target));
if (action != null) query.setParameter("action", action);
if (recipient != null) query.setParameter("recipient", resolvePrincipal(recipient));
- if (discriminatorProperty != null) query.setParameter("discriminator", getDiscriminatorValue(isRole));
+ if (!discrimination.equals(Discrimination.either) && discriminatorProperty != null)
+ {
+ query.setParameter("discriminator", getDiscriminatorValue(
+ discrimination.equals(Discrimination.role)));
+ }
+
return query;
}
@@ -270,7 +280,8 @@
public boolean revokePermission(Permission permission)
{
Query qry = createPermissionQuery(permission.getTarget(), permission.getAction(),
- permission.getRecipient(), permission.getRecipient() instanceof Role);
+ permission.getRecipient(), permission.getRecipient() instanceof Role ?
+ Discrimination.role : Discrimination.user);
try
{
@@ -339,11 +350,15 @@
throw new IllegalArgumentException("Cannot resolve principal name for principal " + principal);
}
+ /**
+ * Returns a list of all user and role permissions for a specific permission target and action.
+ */
public List<Permission> listPermissions(Object target, String action)
{
List<Permission> permissions = new ArrayList<Permission>();
- Query permissionQuery = createPermissionQuery(target, action, null, false);
+ // First query for user permissions
+ Query permissionQuery = createPermissionQuery(target, action, null, Discrimination.either);
List userPermissions = permissionQuery.getResultList();
Map<String,Principal> principalCache = new HashMap<String,Principal>();
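Review bot: The new comment `// First query for user permissions` does not match the call below it, which passes `Discrimination.either`. Going by the query builder hunks in this commit, `either` omits the discriminator condition, so where user and role permissions share one class this first query presumably returns both kinds. Something like `// Query the user permission class; with a shared class this returns user and role rows` would describe it better. The method continues beyond this hunk.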
@@ -364,7 +379,7 @@
String name = resolvePrincipalName(isUser ? userProperty.getValue(permission) :
roleProperty.getValue(permission), isUser);
- String key = (isUser ? "user:" : "role:") + name;
+ String key = (isUser ? "u:" : "r:") + name;
if (!principalCache.containsKey(key))
{
@@ -380,9 +395,10 @@
principal));
}
- if (rolePermissionClass == null)
+ // If we have a separate class for role permissions, then query them now
+ if (rolePermissionClass != null)
{
- permissionQuery = createPermissionQuery(target, action, null, true);
+ permissionQuery = createPermissionQuery(target, action, null, Discrimination.role);
List rolePermissions = permissionQuery.getResultList();
for (Object permission : rolePermissions)
@@ -390,7 +406,7 @@
Principal principal;
String name = resolvePrincipalName(roleProperty.getValue(permission), false);
- String key = "role:" + name;
+ String key = "r:" + name;
if (!principalCache.containsKey(key))
{
Modified: trunk/src/main/org/jboss/seam/security/permission/PermissionManager.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/PermissionManager.java 2008-05-05 09:02:56 UTC (rev 8114)
+++ trunk/src/main/org/jboss/seam/security/permission/PermissionManager.java 2008-05-05 13:53:54 UTC (rev 8115)
@@ -85,25 +85,27 @@
public List<Permission> listPermissions(String target, String action)
{
+ if (target == null) return null;
Identity.instance().checkPermission(target, PERMISSION_READ);
return permissionStore.listPermissions(target, action);
}
public List<Permission> listPermissions(Object target)
{
+ if (target == null) return null;
Identity.instance().checkPermission(target, PERMISSION_READ);
return permissionStore.listPermissions(target);
}
public boolean grantPermission(Permission permission)
{
- Identity.instance().checkPermission(permission, PERMISSION_GRANT);
+ Identity.instance().checkPermission(permission.getTarget(), PERMISSION_GRANT);
return permissionStore.grantPermission(permission);
}
public boolean revokePermission(Permission permission)
{
- Identity.instance().checkPermission(permission, PERMISSION_REVOKE);
+ Identity.instance().checkPermission(permission.getTarget(), PERMISSION_REVOKE);
return permissionStore.revokePermission(permission);
}
}
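Review bot: `grantPermission` and `revokePermission` now authorise against `permission.getTarget()` alone, so the action being granted or revoked and the recipient are not part of the decision. Depending on how the permission rules are written, anyone who holds the grant permission on a target can then hand out any action on it to any recipient. If that is intended, say so above the check, e.g. `// Authorisation is per target: the granted action and recipient are not checked here`. Separately, the new `if (target == null) return null;` guards make `listPermissions` return null where callers likely expect a list; an empty list would be safer to iterate.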
Modified: trunk/src/main/org/jboss/seam/security/permission/action/PermissionSearch.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/action/PermissionSearch.java 2008-05-05 09:02:56 UTC (rev 8114)
+++ trunk/src/main/org/jboss/seam/security/permission/action/PermissionSearch.java 2008-05-05 13:53:54 UTC (rev 8115)
@@ -32,9 +32,13 @@
private Object target;
@Begin
- public void loadPermissions(Object target)
+ public void search(Object target)
{
this.target = target;
+ }
+
+ public void refresh()
+ {
permissions = permissionManager.listPermissions(target);
}
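Review bot: `refresh()` stores whatever `permissionManager.listPermissions(target)` returns, and in this same revision that method returns null for a null target. Now that `search()` only records the target, a `refresh()` with no prior `search()` leaves `permissions` null rather than empty, and anything iterating it has to cope with that. Document the ordering on the method, e.g. `/** Reloads the permission list for the target set by search(); search() must be called first. */`, or have `refresh()` assign an empty list when `target` is null. The class declaration and the `permissions` field are outside this hunk.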
16 years, 7 months
Seam SVN: r8114 - in trunk/examples/seamspace: view and 1 other directories.
by seam-commits@lists.jboss.org
Author: shane.bryzak(a)jboss.com
Date: 2008-05-05 05:02:56 -0400 (Mon, 05 May 2008)
New Revision: 8114
Added:
trunk/examples/seamspace/view/style/btn_newpermission.png
Modified:
trunk/examples/seamspace/resources/META-INF/security-rules.drl
trunk/examples/seamspace/view/permissionmanager.xhtml
trunk/examples/seamspace/view/style/security.css
trunk/examples/seamspace/view/template.xhtml
Log:
cosmetic, minor
Modified: trunk/examples/seamspace/resources/META-INF/security-rules.drl
===================================================================
--- trunk/examples/seamspace/resources/META-INF/security-rules.drl 2008-05-05 07:40:31 UTC (rev 8113)
+++ trunk/examples/seamspace/resources/META-INF/security-rules.drl 2008-05-05 09:02:56 UTC (rev 8114)
@@ -15,6 +15,19 @@
import org.jboss.seam.example.seamspace.MemberFriend;
import org.jboss.seam.example.seamspace.MemberImage;
+# This rule allows members to grant permissions on their images to other users/roles
+
+rule GrantImagePermissions
+ no-loop
+ activation-group "permissions"
+when
+ acct: MemberAccount()
+ image: MemberImage(mbr : member -> (mbr.memberId.equals(acct.member.memberId)))
+ check: PermissionCheck(target == image, action == "seam.grant-permission", granted == false)
+then
+ check.grant();
+end
+
rule ViewProfileImage
no-loop
activation-group "permissions"
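Review bot: `GrantImagePermissions` grants only `seam.grant-permission` to the image owner; no matching rule for `seam.revoke-permission` is visible in this hunk. Elsewhere on this page the Delete link in permissionmanager.xhtml is rendered on `'seam.revoke-permission'` and `PermissionManager.revokePermission` runs a revoke check. Unless a rule outside this hunk covers it, an owner could grant access to an image but not withdraw it. Consider a sibling rule that is identical except for `action == "seam.revoke-permission"`.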
Modified: trunk/examples/seamspace/view/permissionmanager.xhtml
===================================================================
--- trunk/examples/seamspace/view/permissionmanager.xhtml 2008-05-05 07:40:31 UTC (rev 8113)
+++ trunk/examples/seamspace/view/permissionmanager.xhtml 2008-05-05 09:02:56 UTC (rev 8114)
@@ -41,15 +41,15 @@
columnClasses=",,enabled,action">
<h:column width="auto">
<f:facet name="header">
- Action
+ Recipient
</f:facet>
- #{permission.action}
+ #{permission.recipient}
</h:column>
<h:column width="auto">
<f:facet name="header">
- Recipient
+ Actions Allowed
</f:facet>
- #{permission.recipient}
+ #{permission.action}
</h:column>
<h:column width="auto">
<f:facet name="header">
Added: trunk/examples/seamspace/view/style/btn_newpermission.png
===================================================================
(Binary files differ)
Property changes on: trunk/examples/seamspace/view/style/btn_newpermission.png
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Modified: trunk/examples/seamspace/view/style/security.css
===================================================================
--- trunk/examples/seamspace/view/style/security.css 2008-05-05 07:40:31 UTC (rev 8113)
+++ trunk/examples/seamspace/view/style/security.css 2008-05-05 09:02:56 UTC (rev 8114)
@@ -16,6 +16,15 @@
cursor: pointer;
}
+input.newpermission {
+ background: url(btn_newpermission.png) top left no-repeat;
+ height: 39px;
+ width: 113px;
+ margin: 4px 4px 4px 4px;
+ border: 0px;
+ cursor: pointer;
+}
+
input.manageusers {
display: block;
background: url(manage_users.png) top left no-repeat;
Modified: trunk/examples/seamspace/view/template.xhtml
===================================================================
--- trunk/examples/seamspace/view/template.xhtml 2008-05-05 07:40:31 UTC (rev 8113)
+++ trunk/examples/seamspace/view/template.xhtml 2008-05-05 09:02:56 UTC (rev 8114)
@@ -2,7 +2,8 @@
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:ui="http://java.sun.com/jsf/facelets"
xmlns:s="http://jboss.com/products/seam/taglib"
- xmlns:h="http://java.sun.com/jsf/html">
+ xmlns:h="http://java.sun.com/jsf/html"
+ xmlns:f="http://java.sun.com/jsf/core">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
@@ -17,9 +18,17 @@
<div id="header">
<div class="headerRight">
<div class="headerMenu">
- <!--s:link action="" value="SignUp"/-->
+
+ <s:fragment rendered="#{identity.loggedIn}">
+ <s:link view="/profile.xhtml" value="My Profile" propagation="none">
+ <f:param name="name" value="#{authenticatedMember.memberName}"/>
+ </s:link>
+ <h:outputText styleClass="divider" value=" | "/>
+ </s:fragment>
+
<s:fragment rendered="#{s:hasRole('admin')}">
- <s:link view="/security.xhtml" value="Security" propagation="none"/><h:outputText styleClass="divider" value=" | "/>
+ <s:link view="/security.xhtml" value="Security" propagation="none"/>
+ <h:outputText styleClass="divider" value=" | "/>
</s:fragment>
<s:link action="#{identity.logout}" value="Log out" rendered="#{identity.loggedIn}"/>
16 years, 7 months
Seam SVN: r8113 - trunk/examples/seamspace/view.
by seam-commits@lists.jboss.org
Author: shane.bryzak(a)jboss.com
Date: 2008-05-05 03:40:31 -0400 (Mon, 05 May 2008)
New Revision: 8113
Modified:
trunk/examples/seamspace/view/permissionmanager.xhtml
Log:
permission management datatable
Modified: trunk/examples/seamspace/view/permissionmanager.xhtml
===================================================================
--- trunk/examples/seamspace/view/permissionmanager.xhtml 2008-05-05 07:39:59 UTC (rev 8112)
+++ trunk/examples/seamspace/view/permissionmanager.xhtml 2008-05-05 07:40:31 UTC (rev 8113)
@@ -24,6 +24,43 @@
<h2>Permission Manager</h2>
+ <h3>Managing permissions for: #{permissionSearch.target}</h3>
+
+ <s:button action="#{permissionAction.createPermission}"
+ styleClass="newpermission"
+ rendered="#{s:hasPermission(permissionSearch.target, 'seam.grant-permission')}"/>
+
+ <h:dataTable
+ id="threads"
+ value="#{permissions}"
+ var="permission"
+ styleClass="security"
+ cellspacing="0"
+ headerClass="header"
+ rowClasses="odd,even"
+ columnClasses=",,enabled,action">
+ <h:column width="auto">
+ <f:facet name="header">
+ Action
+ </f:facet>
+ #{permission.action}
+ </h:column>
+ <h:column width="auto">
+ <f:facet name="header">
+ Recipient
+ </f:facet>
+ #{permission.recipient}
+ </h:column>
+ <h:column width="auto">
+ <f:facet name="header">
+ Action
+ </f:facet>
+
+ <s:link value="Delete" action="#{permissionManager.revokePermission(permissionSearch.selectedPermission)}"
+ rendered="#{s:hasPermission(permissionSearch.target, 'seam.revoke-permission')}"
+ onclick="return confirmDelete()"/>
+ </h:column>
+ </h:dataTable>
</div>
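Review bot: The Delete control revokes a permission through `<s:link>`, which issues a GET request, and `onclick="return confirmDelete()"` is only a client-side prompt. State-changing GET links can be triggered by prefetching or by a request forged from another site. The revoke would be better as a POST, e.g. `<h:commandLink value="Delete" action="#{permissionManager.revokePermission(permissionSearch.selectedPermission)}" .../>` inside an `h:form`; whether a form already encloses the table is not visible in this hunk. The table also carries `id="threads"` and two columns headed "Action", which look like leftovers worth renaming.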
16 years, 7 months
Seam SVN: r8112 - in trunk/src/main/org/jboss/seam/security/permission: action and 1 other directory.
by seam-commits@lists.jboss.org
Author: shane.bryzak(a)jboss.com
Date: 2008-05-05 03:39:59 -0400 (Mon, 05 May 2008)
New Revision: 8112
Modified:
trunk/src/main/org/jboss/seam/security/permission/PersistentPermissionResolver.java
trunk/src/main/org/jboss/seam/security/permission/action/PermissionSearch.java
Log:
minor
Modified: trunk/src/main/org/jboss/seam/security/permission/PersistentPermissionResolver.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/PersistentPermissionResolver.java 2008-05-05 07:16:12 UTC (rev 8111)
+++ trunk/src/main/org/jboss/seam/security/permission/PersistentPermissionResolver.java 2008-05-05 07:39:59 UTC (rev 8112)
@@ -35,16 +35,12 @@
{
private PermissionStore permissionStore;
- private IdentifierPolicy identifierPolicy;
-
private static final LogProvider log = Logging.getLogProvider(PersistentPermissionResolver.class);
@Create
public void create()
{
initPermissionStore();
-
- identifierPolicy = (IdentifierPolicy) Component.getInstance(IdentifierPolicy.class, true);
}
protected void initPermissionStore()
@@ -77,12 +73,10 @@
Identity identity = Identity.instance();
- if (!identity.isLoggedIn()) return false;
+ if (!identity.isLoggedIn()) return false;
- String identifier = identifierPolicy.getIdentifier(target);
+ List<Permission> permissions = permissionStore.listPermissions(target, action);
- List<Permission> permissions = permissionStore.listPermissions(identifier, action);
-
String username = identity.getPrincipal().getName();
for (Permission permission : permissions)
Modified: trunk/src/main/org/jboss/seam/security/permission/action/PermissionSearch.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/action/PermissionSearch.java 2008-05-05 07:16:12 UTC (rev 8111)
+++ trunk/src/main/org/jboss/seam/security/permission/action/PermissionSearch.java 2008-05-05 07:39:59 UTC (rev 8112)
@@ -37,4 +37,14 @@
this.target = target;
permissions = permissionManager.listPermissions(target);
}
+
+ public Object getTarget()
+ {
+ return target;
+ }
+
+ public Permission getSelectedPermission()
+ {
+ return selectedPermission;
+ }
}
16 years, 7 months
Seam SVN: r8111 - trunk/src/main/org/jboss/seam/security/permission.
by seam-commits@lists.jboss.org
Author: shane.bryzak(a)jboss.com
Date: 2008-05-05 03:16:12 -0400 (Mon, 05 May 2008)
New Revision: 8111
Modified:
trunk/src/main/org/jboss/seam/security/permission/IdentifierPolicy.java
trunk/src/main/org/jboss/seam/security/permission/JpaPermissionStore.java
Log:
improved query construction, use identifier policy for permission target identifiers
Modified: trunk/src/main/org/jboss/seam/security/permission/IdentifierPolicy.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/IdentifierPolicy.java 2008-05-04 07:33:26 UTC (rev 8110)
+++ trunk/src/main/org/jboss/seam/security/permission/IdentifierPolicy.java 2008-05-05 07:16:12 UTC (rev 8111)
@@ -14,6 +14,13 @@
import org.jboss.seam.annotations.intercept.BypassInterceptors;
import org.jboss.seam.annotations.security.permission.Identifier;
+/**
+ * A policy for the generation of object "identifiers" - unique Strings that identify a specific
+ * instance of an object. A policy can consist of numerous identifier strategies, each with the
+ * ability to generate identifiers for specific classes of objects.
+ *
+ * @author Shane Bryzak
+ */
@Name("org.jboss.seam.security.identifierPolicy")
@Scope(APPLICATION)
@BypassInterceptors
Modified: trunk/src/main/org/jboss/seam/security/permission/JpaPermissionStore.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/JpaPermissionStore.java 2008-05-04 07:33:26 UTC (rev 8110)
+++ trunk/src/main/org/jboss/seam/security/permission/JpaPermissionStore.java 2008-05-05 07:16:12 UTC (rev 8111)
@@ -62,8 +62,9 @@
private AnnotatedBeanProperty<PermissionTarget> roleTargetProperty;
private AnnotatedBeanProperty<PermissionAction> roleActionProperty;
- private String selectUserPermissionQuery;
- private String selectRolePermissionQuery;
+ private Map<Integer,String> queryCache = new HashMap<Integer,String>();
+
+ private IdentifierPolicy identifierPolicy;
@Create
public void init()
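Review bot: `queryCache` is a plain `HashMap` that `createPermissionQuery` reads and fills lazily on every call, with no synchronisation visible. The component's scope annotation is outside this hunk, but if one store instance serves concurrent requests, unsynchronised `put` calls can corrupt the map. Since the cached value for a key is always the same string, switching to `private final Map<Integer,String> queryCache = new ConcurrentHashMap<Integer,String>();` (with the `java.util.concurrent.ConcurrentHashMap` import) is enough. The existing containsKey/put/get sequence can stay.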
@@ -76,11 +77,13 @@
if (entityManager == null)
{
- entityManager = Expressions.instance().createValueExpression("#{entityManager}", EntityManager.class);
+ entityManager = Expressions.instance().createValueExpression("#{entityManager}",
+ EntityManager.class);
}
initProperties();
- buildQueries();
+
+ identifierPolicy = (IdentifierPolicy) Component.getInstance(IdentifierPolicy.class, true);
}
protected void initProperties()
@@ -94,8 +97,10 @@
roleProperty = AnnotatedBeanProperty.scanForProperty(rolePermissionClass, PermissionRole.class);
if (roleProperty != null)
{
- roleTargetProperty = AnnotatedBeanProperty.scanForProperty(rolePermissionClass, PermissionTarget.class);
- roleActionProperty = AnnotatedBeanProperty.scanForProperty(rolePermissionClass, PermissionAction.class);
+ roleTargetProperty = AnnotatedBeanProperty.scanForProperty(rolePermissionClass,
+ PermissionTarget.class);
+ roleActionProperty = AnnotatedBeanProperty.scanForProperty(rolePermissionClass,
+ PermissionAction.class);
}
}
else
@@ -103,7 +108,8 @@
roleProperty = AnnotatedBeanProperty.scanForProperty(userPermissionClass, PermissionRole.class);
if (roleProperty != null)
{
- discriminatorProperty = AnnotatedBeanProperty.scanForProperty(userPermissionClass, PermissionDiscriminator.class);
+ discriminatorProperty = AnnotatedBeanProperty.scanForProperty(userPermissionClass,
+ PermissionDiscriminator.class);
}
}
@@ -141,36 +147,69 @@
}
}
- protected void buildQueries()
+ protected Query createPermissionQuery(Object target, String action, Principal recipient, boolean isRole)
{
- StringBuffer query = new StringBuffer();
- query.append("select p from ");
- query.append(userPermissionClass.getName());
- query.append(" p where ");
- query.append(targetProperty.getName());
- query.append(" = :target and ");
- query.append(actionProperty.getName());
- query.append(" = :action");
-
- selectUserPermissionQuery = query.toString();
+ int queryKey = ((target != null) ? 1 : 0);
+ queryKey |= (action != null ? 2 : 0);
+ queryKey |= (recipient != null ? 4 : 0);
+ queryKey |= (isRole ? 8 : 0);
- if (rolePermissionClass != null)
- {
- query.setLength(0);
- query.append("select p from ");
- query.append(rolePermissionClass.getName());
- query.append(" p where ");
- query.append(roleTargetProperty.getName());
- query.append(" = :target and ");
- query.append(roleActionProperty.getName());
- query.append(" = :action");
+ if (!queryCache.containsKey(queryKey))
+ {
+ boolean conditionsAdded = false;
- selectRolePermissionQuery = query.toString();
+ StringBuilder q = new StringBuilder();
+ q.append("select p from ");
+ q.append(isRole && rolePermissionClass != null ? rolePermissionClass.getName() :
+ userPermissionClass.getName());
+ q.append(" p");
+
+ if (target != null)
+ {
+ q.append(" where ");
+ q.append(isRole && rolePermissionClass != null ? roleTargetProperty.getName() :
+ targetProperty.getName());
+ q.append(" = :target");
+ conditionsAdded = true;
+ }
+
+ if (action != null)
+ {
+ q.append(conditionsAdded ? " and " : " where ");
+ q.append(isRole && rolePermissionClass != null ? roleActionProperty.getName() :
+ actionProperty.getName());
+ q.append(" = :action");
+ conditionsAdded = true;
+ }
+
+ if (recipient != null)
+ {
+ q.append(conditionsAdded ? " and " : " where ");
+ q.append(isRole && rolePermissionClass != null ? roleProperty.getName() :
+ userProperty.getName());
+ q.append(" = :recipient");
+ conditionsAdded = true;
+ }
+
+ if (discriminatorProperty != null)
+ {
+ q.append(conditionsAdded ? " and " : " where ");
+ q.append(discriminatorProperty.getName());
+ q.append(" = :discriminator");
+ conditionsAdded = true;
+ }
+
+ queryCache.put(queryKey, q.toString());
}
- else
- {
- selectRolePermissionQuery = selectUserPermissionQuery;
- }
+
+ Query query = lookupEntityManager().createQuery(queryCache.get(queryKey));
+
+ if (target != null) query.setParameter("target", identifierPolicy.getIdentifier(target));
+ if (action != null) query.setParameter("action", action);
+ if (recipient != null) query.setParameter("recipient", resolvePrincipal(recipient));
+ if (discriminatorProperty != null) query.setParameter("discriminator", getDiscriminatorValue(isRole));
+
+ return query;
}
public boolean grantPermission(Permission permission)
@@ -184,7 +223,7 @@
if (rolePermissionClass != null)
{
Object instance = rolePermissionClass.newInstance();
- roleTargetProperty.setValue(instance, permission.getTarget().toString());
+ roleTargetProperty.setValue(instance, identifierPolicy.getIdentifier(permission.getTarget()));
roleActionProperty.setValue(instance, permission.getAction());
roleProperty.setValue(instance, permission.getRecipient().getName());
lookupEntityManager().persist(instance);
@@ -203,7 +242,7 @@
}
Object instance = userPermissionClass.newInstance();
- targetProperty.setValue(instance, permission.getTarget().toString());
+ targetProperty.setValue(instance, identifierPolicy.getIdentifier(permission.getTarget()));
actionProperty.setValue(instance, permission.getAction());
userProperty.setValue(instance, resolvePrincipal(permission.getRecipient()));
@@ -230,25 +269,13 @@
public boolean revokePermission(Permission permission)
{
- boolean recipientIsRole = permission.getRecipient() instanceof Role;
-
- EntityManager em = lookupEntityManager();
-
- Query qry = em.createQuery(recipientIsRole ? selectRolePermissionQuery :
- selectUserPermissionQuery)
- .setParameter("target", permission.getTarget())
- .setParameter("action", permission.getAction())
- .setParameter("recipient", resolvePrincipal(permission.getRecipient()));
-
- if (discriminatorProperty != null)
- {
- qry.setParameter("discriminator", getDiscriminatorValue(recipientIsRole));
- }
-
+ Query qry = createPermissionQuery(permission.getTarget(), permission.getAction(),
+ permission.getRecipient(), permission.getRecipient() instanceof Role);
+
try
{
Object instance = qry.getSingleResult();
- em.remove(instance);
+ lookupEntityManager().remove(instance);
return true;
}
catch (NoResultException ex)
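Review bot: `revokePermission` still relies on `qry.getSingleResult()`, and the only handler visible in this hunk is for `NoResultException`. If two rows ever match the same target, action and recipient, `NonUniqueResultException` would propagate and the permission would stay granted; nothing shown here prevents such duplicates. For a revoke it is safer to remove every match, e.g. `for (Object instance : qry.getResultList()) lookupEntityManager().remove(instance);`, returning true when at least one row was removed. The rest of the method, including any further catch blocks, lies outside this hunk.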
@@ -316,14 +343,7 @@
{
List<Permission> permissions = new ArrayList<Permission>();
- Query permissionQuery = lookupEntityManager().createQuery(selectUserPermissionQuery)
- .setParameter("target", target);
-
- if (action != null)
- {
- permissionQuery.setParameter("action", action);
- }
-
+ Query permissionQuery = createPermissionQuery(target, action, null, false);
List userPermissions = permissionQuery.getResultList();
Map<String,Principal> principalCache = new HashMap<String,Principal>();
@@ -362,14 +382,7 @@
if (rolePermissionClass == null)
{
- permissionQuery = lookupEntityManager().createQuery(selectRolePermissionQuery)
- .setParameter("target", target);
-
- if (action != null)
- {
- permissionQuery.setParameter("action", action);
- }
-
+ permissionQuery = createPermissionQuery(target, action, null, true);
List rolePermissions = permissionQuery.getResultList();
for (Object permission : rolePermissions)
16 years, 7 months