Seam SVN: r13335 - sandbox.
by seam-commits@lists.jboss.org
Author: lincolnthree
Date: 2010-07-06 13:11:25 -0400 (Tue, 06 Jul 2010)
New Revision: 13335
Removed:
sandbox/encore/
Log:
removing
Seam SVN: r13334 - in modules/security/trunk/impl/src/main/java/org/jboss/seam/security: permission and 1 other directory.
by seam-commits@lists.jboss.org
Author: shane.bryzak(a)jboss.com
Date: 2010-07-05 23:51:13 -0400 (Mon, 05 Jul 2010)
New Revision: 13334
Modified:
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/JpaIdentityStore.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/JpaPermissionStore.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/PersistentPermissionResolver.java
Log:
minor
Modified: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/JpaIdentityStore.java
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/JpaIdentityStore.java 2010-07-06 03:45:21 UTC (rev 13333)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/JpaIdentityStore.java 2010-07-06 03:51:13 UTC (rev 13334)
@@ -798,7 +798,7 @@
for (Property<Object> p : props)
{
- if (p.getJavaClass().isAnnotationPresent(Entity.class))
+ if (!p.isReadOnly() && p.getJavaClass().isAnnotationPresent(Entity.class))
{
List<Property<Object>> pp = PropertyQueries.createQuery(p.getJavaClass())
.addCriteria(new PropertyTypeCriteria(PropertyType.ATTRIBUTE))
Modified: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/JpaPermissionStore.java
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/JpaPermissionStore.java 2010-07-06 03:45:21 UTC (rev 13333)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/JpaPermissionStore.java 2010-07-06 03:51:13 UTC (rev 13334)
@@ -89,7 +89,7 @@
// TODO see if we can scan for this automatically
if (identityPermissionClass == null)
{
- log.debug("No permissionClass set, JpaPermissionStore will be unavailable.");
+ log.debug("No identityPermissionClass set, JpaPermissionStore will be unavailable.");
return;
}
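Review bot: A missing `identityPermissionClass` disables the whole permission store, yet the condition is still reported only at debug level, so a misconfigured deployment gives no visible signal at default log levels. Since this is a configuration fault in a security component, consider `log.warn("No identityPermissionClass set, JpaPermissionStore will be unavailable.");`. The enclosing method starts and ends outside the hunk, so what callers observe after the early `return` cannot be confirmed from here.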
Modified: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/PersistentPermissionResolver.java
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/PersistentPermissionResolver.java 2010-07-06 03:45:21 UTC (rev 13333)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/PersistentPermissionResolver.java 2010-07-06 03:51:13 UTC (rev 13334)
@@ -46,28 +46,31 @@
String username = identity.getPrincipal().getName();
- for (Permission permission : permissions)
- {
- if (permission.getIdentity() instanceof SimplePrincipal &&
- username.equals(permission.getIdentity().getName()))
+ if (permissions != null)
+ {
+ for (Permission permission : permissions)
{
- return true;
- }
-
- //if (permission.getRecipient() instanceof RoleImpl)
- //{
- // RoleImpl role = (RoleImpl) permission.getRecipient();
-
- // TODO fix this
- /*if (role.isConditional())
+ if (permission.getIdentity() instanceof SimplePrincipal &&
+ username.equals(permission.getIdentity().getName()))
{
- if (ruleBasedPermissionResolver.checkConditionalRole(role.getRoleType(), target, action)) return true;
+ return true;
}
- else if (identity.hasRole(role.getRoleType()))
- {
- return true;
- }*/
- //}
+
+ //if (permission.getRecipient() instanceof RoleImpl)
+ //{
+ // RoleImpl role = (RoleImpl) permission.getRecipient();
+
+ // TODO fix this
+ /*if (role.isConditional())
+ {
+ if (ruleBasedPermissionResolver.checkConditionalRole(role.getRoleType(), target, action)) return true;
+ }
+ else if (identity.hasRole(role.getRoleType()))
+ {
+ return true;
+ }*/
+ //}
+ }
}
return false;
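Review bot: The re-indented block keeps the role check commented out, so inside this loop only a direct match on the user name can return `true`; any permission granted through a role falls through to `return false`. That fails closed, but nothing in the code says so: either delete the dead block or replace it with one comment such as `// Role-based grants are not evaluated yet; only direct user grants match.`. The new `permissions != null` guard likewise treats a null list as deny, which deserves a short comment. `identity.getPrincipal()` on the first line is dereferenced with no visible null check, although the method starts above the hunk, so a guard may already exist there.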
Seam SVN: r13333 - in modules/security/trunk/examples/idmconsole: src/main/java/org/jboss/seam/security/examples/idmconsole/model and 2 other directories.
by seam-commits@lists.jboss.org
Author: shane.bryzak(a)jboss.com
Date: 2010-07-05 23:45:21 -0400 (Mon, 05 Jul 2010)
New Revision: 13333
Added:
modules/security/trunk/examples/idmconsole/src/main/webapp/WEB-INF/classes/
modules/security/trunk/examples/idmconsole/src/main/webapp/WEB-INF/classes/seam-beans.xml
Modified:
modules/security/trunk/examples/idmconsole/pom.xml
modules/security/trunk/examples/idmconsole/src/main/java/org/jboss/seam/security/examples/idmconsole/model/IdentityPermission.java
modules/security/trunk/examples/idmconsole/src/main/webapp/WEB-INF/beans.xml
Log:
add permission annotations, fix xml configuration
Modified: modules/security/trunk/examples/idmconsole/pom.xml
===================================================================
--- modules/security/trunk/examples/idmconsole/pom.xml 2010-07-06 01:00:46 UTC (rev 13332)
+++ modules/security/trunk/examples/idmconsole/pom.xml 2010-07-06 03:45:21 UTC (rev 13333)
@@ -76,6 +76,11 @@
</exclusions>
</dependency>
+ <dependency>
+ <groupId>org.jboss.seam.xml</groupId>
+ <artifactId>seam-xml-config</artifactId>
+ </dependency>
+
<!-- CDI (JSR-299) -->
<dependency>
<groupId>javax.enterprise</groupId>
Modified: modules/security/trunk/examples/idmconsole/src/main/java/org/jboss/seam/security/examples/idmconsole/model/IdentityPermission.java
===================================================================
--- modules/security/trunk/examples/idmconsole/src/main/java/org/jboss/seam/security/examples/idmconsole/model/IdentityPermission.java 2010-07-06 01:00:46 UTC (rev 13332)
+++ modules/security/trunk/examples/idmconsole/src/main/java/org/jboss/seam/security/examples/idmconsole/model/IdentityPermission.java 2010-07-06 03:45:21 UTC (rev 13333)
@@ -1,5 +1,7 @@
package org.jboss.seam.security.examples.idmconsole.model;
+import static org.jboss.seam.security.annotations.permission.PermissionPropertyType.*;
+
import java.io.Serializable;
import javax.persistence.Entity;
@@ -8,6 +10,8 @@
import javax.persistence.ManyToOne;
import javax.validation.constraints.NotNull;
+import org.jboss.seam.security.annotations.permission.PermissionProperty;
+
/**
* This entity stores ACL permissions
*
@@ -47,7 +51,7 @@
*
* @return
*/
- @NotNull @ManyToOne
+ @NotNull @ManyToOne @PermissionProperty(IDENTITY)
public IdentityObject getIdentityObject()
{
return identityObject;
@@ -67,7 +71,7 @@
*
* @return
*/
- @ManyToOne
+ @ManyToOne @PermissionProperty(RELATIONSHIP_TYPE)
public IdentityObjectRelationshipType getRelationshipType()
{
return relationshipType;
@@ -85,6 +89,7 @@
*
* @return
*/
+ @PermissionProperty(RELATIONSHIP_NAME)
public String getRelationshipName()
{
return relationshipName;
@@ -100,6 +105,7 @@
*
* @return
*/
+ @PermissionProperty(RESOURCE)
public String getResource()
{
return resource;
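Review bot: `getResource()` here, and `getPermission()` in the next hunk, carry only the new `@PermissionProperty` annotation, while `getIdentityObject()` is also `@NotNull`. As far as these hunks show, an ACL row can therefore be stored with a null resource or permission, and how the permission query treats such a row is undefined. If neither value is meant to be optional, add the constraint alongside: `@NotNull @PermissionProperty(RESOURCE)` and `@NotNull @PermissionProperty(PERMISSION)`; `NotNull` is already imported in this file.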
@@ -117,6 +123,7 @@
*
* @return
*/
+ @PermissionProperty(PERMISSION)
public String getPermission()
{
return permission;
Modified: modules/security/trunk/examples/idmconsole/src/main/webapp/WEB-INF/beans.xml
===================================================================
--- modules/security/trunk/examples/idmconsole/src/main/webapp/WEB-INF/beans.xml 2010-07-06 01:00:46 UTC (rev 13332)
+++ modules/security/trunk/examples/idmconsole/src/main/webapp/WEB-INF/beans.xml 2010-07-06 03:45:21 UTC (rev 13333)
@@ -5,15 +5,8 @@
-->
<beans xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:s="urn:java:seam:core"
- xmlns:perm="org.jboss.seam.security.permission"
xsi:schemaLocation="
http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/beans_1_0.xsd">
- <perm:JpaPermissionStore>
- <s:specializes/>
-
- <perm:identityPermissionClass>org.jboss.seam.security.examples.idmconsole.model.IdentityPermission</perm:identityPermissionClass>
- </perm:JpaPermissionStore>
</beans>
Added: modules/security/trunk/examples/idmconsole/src/main/webapp/WEB-INF/classes/seam-beans.xml
===================================================================
--- modules/security/trunk/examples/idmconsole/src/main/webapp/WEB-INF/classes/seam-beans.xml (rev 0)
+++ modules/security/trunk/examples/idmconsole/src/main/webapp/WEB-INF/classes/seam-beans.xml 2010-07-06 03:45:21 UTC (rev 13333)
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ The contents of this file is permitted to be empty.
+ The schema definition is provided for your convenience.
+-->
+<beans xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:s="urn:java:seam:core"
+ xmlns:perm="org.jboss.seam.security.permission"
+ xsi:schemaLocation="
+ http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/beans_1_0.xsd">
+
+ <perm:JpaPermissionStore>
+ <s:specializes/>
+
+ <perm:identityPermissionClass>org.jboss.seam.security.examples.idmconsole.model.IdentityPermission</perm:identityPermissionClass>
+ </perm:JpaPermissionStore>
+</beans>
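Review bot: The `perm` prefix is bound to `org.jboss.seam.security.permission` with no `urn:java:` scheme, unlike `xmlns:s="urn:java:seam:core"` on the line above it. If seam-xml-config resolves Java packages only from `urn:java:` namespaces, `<perm:JpaPermissionStore>` will not bind, `identityPermissionClass` stays null and the store disables itself with only a debug log; the likely intent is `xmlns:perm="urn:java:org.jboss.seam.security.permission"`. The header comment saying the file may be empty was carried over from beans.xml and no longer describes this file, which now holds the permission store configuration.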
Seam SVN: r13332 - in modules/security/trunk: api/src/main/java/org/jboss/seam/security/annotations/permission and 4 other directories.
by seam-commits@lists.jboss.org
Author: shane.bryzak(a)jboss.com
Date: 2010-07-05 21:00:46 -0400 (Mon, 05 Jul 2010)
New Revision: 13332
Added:
modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/permission/PermissionProperty.java
modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/permission/PermissionPropertyType.java
modules/security/trunk/api/src/main/java/org/jboss/seam/security/permission/Permission.java
modules/security/trunk/api/src/main/java/org/jboss/seam/security/permission/PermissionStore.java
Removed:
modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/permission/PermissionAction.java
modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/permission/PermissionRecipient.java
modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/permission/PermissionRecipientType.java
modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/permission/PermissionRole.java
modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/permission/PermissionTarget.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/Permission.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/PermissionStore.java
Modified:
modules/security/trunk/api/pom.xml
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/JpaIdentityStore.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/JpaPermissionStore.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/PermissionManager.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/PermissionMetadata.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/PersistentPermissionResolver.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/action/PermissionSearch.java
Log:
refactor, fix compiler errors
Modified: modules/security/trunk/api/pom.xml
===================================================================
--- modules/security/trunk/api/pom.xml 2010-07-06 00:36:45 UTC (rev 13331)
+++ modules/security/trunk/api/pom.xml 2010-07-06 01:00:46 UTC (rev 13332)
@@ -27,6 +27,17 @@
<artifactId>picketlink-idm-api</artifactId>
</dependency>
+ <dependency>
+ <groupId>org.picketlink.idm</groupId>
+ <artifactId>picketlink-idm-core</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+
</dependencies>
</project>
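Review bot: This makes the API module depend on `picketlink-idm-core`, an implementation artifact, so every consumer of the API inherits it and its transitive dependencies. The only PicketLink type the API sources on this page reference is `org.picketlink.idm.spi.model.IdentityObject` (in Permission.java); if that type is published in a narrower SPI artifact, depend on that instead, or mark this one `<scope>provided</scope>`. No `<version>` is given, so it presumably comes from a parent `dependencyManagement` section that is not visible here; confirm it is pinned there.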
Deleted: modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/permission/PermissionAction.java
===================================================================
--- modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/permission/PermissionAction.java 2010-07-06 00:36:45 UTC (rev 13331)
+++ modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/permission/PermissionAction.java 2010-07-06 01:00:46 UTC (rev 13332)
@@ -1,25 +0,0 @@
-package org.jboss.seam.security.annotations.permission;
-
-import static java.lang.annotation.ElementType.FIELD;
-import static java.lang.annotation.ElementType.METHOD;
-import static java.lang.annotation.RetentionPolicy.RUNTIME;
-
-import java.lang.annotation.Documented;
-import java.lang.annotation.Inherited;
-import java.lang.annotation.Retention;
-import java.lang.annotation.Target;
-
-/**
- * Flags an entity field or method as representing the action component of a permission, e.g. "update",
- * "delete".
- *
- * @author Shane Bryzak
- */
-@Target({METHOD,FIELD})
-@Documented
-@Retention(RUNTIME)
-@Inherited
-public @interface PermissionAction
-{
-
-}
Added: modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/permission/PermissionProperty.java
===================================================================
--- modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/permission/PermissionProperty.java (rev 0)
+++ modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/permission/PermissionProperty.java 2010-07-06 01:00:46 UTC (rev 13332)
@@ -0,0 +1,24 @@
+package org.jboss.seam.security.annotations.permission;
+
+import static java.lang.annotation.ElementType.FIELD;
+import static java.lang.annotation.ElementType.METHOD;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.Inherited;
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+
+/**
+ * Marks an entity field or method as being a property for storing permission
+ * related data.
+ *
+ * @author Shane Bryzak
+ */
+@Target({METHOD,FIELD})
+@Documented
+@Retention(RUNTIME)
+@Inherited
+public @interface PermissionProperty {
+ PermissionPropertyType value();
+}
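Review bot: `@Inherited` has no effect on an annotation whose targets are `METHOD` and `FIELD`; Java applies it only to annotations placed on classes. A subclass that overrides an annotated getter without repeating `@PermissionProperty` may therefore not be matched by the `isAnnotationPresent` checks in `JpaPermissionStore.PropertyTypeCriteria`. Drop `@Inherited`, or state in the Javadoc that the annotation must be repeated on overriding methods.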
Added: modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/permission/PermissionPropertyType.java
===================================================================
--- modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/permission/PermissionPropertyType.java (rev 0)
+++ modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/permission/PermissionPropertyType.java 2010-07-06 01:00:46 UTC (rev 13332)
@@ -0,0 +1,5 @@
+package org.jboss.seam.security.annotations.permission;
+
+public enum PermissionPropertyType {
+ IDENTITY, RELATIONSHIP_TYPE, RELATIONSHIP_NAME, RESOURCE, PERMISSION
+}
Deleted: modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/permission/PermissionRecipient.java
===================================================================
--- modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/permission/PermissionRecipient.java 2010-07-06 00:36:45 UTC (rev 13331)
+++ modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/permission/PermissionRecipient.java 2010-07-06 01:00:46 UTC (rev 13332)
@@ -1,24 +0,0 @@
-package org.jboss.seam.security.annotations.permission;
-
-import static java.lang.annotation.ElementType.FIELD;
-import static java.lang.annotation.ElementType.METHOD;
-import static java.lang.annotation.RetentionPolicy.RUNTIME;
-
-import java.lang.annotation.Documented;
-import java.lang.annotation.Inherited;
-import java.lang.annotation.Retention;
-import java.lang.annotation.Target;
-
-/**
- * Flags an entity field or method as representing the recipient of a permission.
- *
- * @author Shane Bryzak
- */
-@Target({METHOD,FIELD})
-@Documented
-@Retention(RUNTIME)
-@Inherited
-public @interface PermissionRecipient
-{
-
-}
Deleted: modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/permission/PermissionRecipientType.java
===================================================================
--- modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/permission/PermissionRecipientType.java 2010-07-06 00:36:45 UTC (rev 13331)
+++ modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/permission/PermissionRecipientType.java 2010-07-06 01:00:46 UTC (rev 13332)
@@ -1,22 +0,0 @@
-package org.jboss.seam.security.annotations.permission;
-
-import static java.lang.annotation.ElementType.FIELD;
-import static java.lang.annotation.ElementType.METHOD;
-import static java.lang.annotation.RetentionPolicy.RUNTIME;
-
-import java.lang.annotation.Documented;
-import java.lang.annotation.Inherited;
-import java.lang.annotation.Retention;
-import java.lang.annotation.Target;
-
-/**
- *
- * @author Shane Bryzak
- */
-@Target({METHOD,FIELD})
-@Documented
-@Retention(RUNTIME)
-@Inherited
-public @interface PermissionRecipientType {
-
-}
Deleted: modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/permission/PermissionRole.java
===================================================================
--- modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/permission/PermissionRole.java 2010-07-06 00:36:45 UTC (rev 13331)
+++ modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/permission/PermissionRole.java 2010-07-06 01:00:46 UTC (rev 13332)
@@ -1,24 +0,0 @@
-package org.jboss.seam.security.annotations.permission;
-
-import static java.lang.annotation.ElementType.FIELD;
-import static java.lang.annotation.ElementType.METHOD;
-import static java.lang.annotation.RetentionPolicy.RUNTIME;
-
-import java.lang.annotation.Documented;
-import java.lang.annotation.Inherited;
-import java.lang.annotation.Retention;
-import java.lang.annotation.Target;
-
-/**
- * Flags an entity field or method as representing the role that a permission is assigned to.
- *
- * @author Shane Bryzak
- */
-@Target({METHOD,FIELD})
-@Documented
-@Retention(RUNTIME)
-@Inherited
-public @interface PermissionRole
-{
-
-}
Deleted: modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/permission/PermissionTarget.java
===================================================================
--- modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/permission/PermissionTarget.java 2010-07-06 00:36:45 UTC (rev 13331)
+++ modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/permission/PermissionTarget.java 2010-07-06 01:00:46 UTC (rev 13332)
@@ -1,24 +0,0 @@
-package org.jboss.seam.security.annotations.permission;
-
-import static java.lang.annotation.ElementType.FIELD;
-import static java.lang.annotation.ElementType.METHOD;
-import static java.lang.annotation.RetentionPolicy.RUNTIME;
-
-import java.lang.annotation.Documented;
-import java.lang.annotation.Inherited;
-import java.lang.annotation.Retention;
-import java.lang.annotation.Target;
-
-/**
- * Flags an entity field or method as representing the target of a permission.
- *
- * @author Shane Bryzak
- */
-@Target({METHOD,FIELD})
-@Documented
-@Retention(RUNTIME)
-@Inherited
-public @interface PermissionTarget
-{
-
-}
Copied: modules/security/trunk/api/src/main/java/org/jboss/seam/security/permission/Permission.java (from rev 13148, modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/Permission.java)
===================================================================
--- modules/security/trunk/api/src/main/java/org/jboss/seam/security/permission/Permission.java (rev 0)
+++ modules/security/trunk/api/src/main/java/org/jboss/seam/security/permission/Permission.java 2010-07-06 01:00:46 UTC (rev 13332)
@@ -0,0 +1,39 @@
+package org.jboss.seam.security.permission;
+
+import java.io.Serializable;
+
+import org.picketlink.idm.spi.model.IdentityObject;
+
+/**
+ * Represents a single permission for a particular target, action and recipient combination.
+ *
+ * @author Shane Bryzak
+ */
+public class Permission implements Serializable
+{
+ private Object resource;
+ private String permission;
+ private IdentityObject identity;
+
+ public Permission(Object resource, String permission, IdentityObject identity)
+ {
+ this.resource = resource;
+ this.permission = permission;
+ this.identity = identity;
+ }
+
+ public Object getResource()
+ {
+ return resource;
+ }
+
+ public String getPermission()
+ {
+ return permission;
+ }
+
+ public IdentityObject getIdentity()
+ {
+ return identity;
+ }
+}
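Review bot: The class Javadoc still describes a "target, action and recipient combination", but the fields are now `resource`, `permission` and `identity`; update it to match. The three fields are assigned only in the constructor and have no setters, so they can be declared `private final`, which makes the immutability of a permission explicit. The class is `Serializable` but declares no `serialVersionUID`, and `resource` is typed `Object`, so serialization fails at run time when a resource is not itself serializable; document that requirement or narrow the type.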
Copied: modules/security/trunk/api/src/main/java/org/jboss/seam/security/permission/PermissionStore.java (from rev 13148, modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/PermissionStore.java)
===================================================================
--- modules/security/trunk/api/src/main/java/org/jboss/seam/security/permission/PermissionStore.java (rev 0)
+++ modules/security/trunk/api/src/main/java/org/jboss/seam/security/permission/PermissionStore.java 2010-07-06 01:00:46 UTC (rev 13332)
@@ -0,0 +1,22 @@
+package org.jboss.seam.security.permission;
+
+import java.util.List;
+import java.util.Set;
+
+/**
+ * Permission store interface.
+ *
+ * @author Shane Bryzak
+ */
+public interface PermissionStore
+{
+ List<Permission> listPermissions(Object target);
+ List<Permission> listPermissions(Object target, String action);
+ List<Permission> listPermissions(Set<Object> targets, String action);
+ boolean grantPermission(Permission permission);
+ boolean grantPermissions(List<Permission> permissions);
+ boolean revokePermission(Permission permission);
+ boolean revokePermissions(List<Permission> permissions);
+ List<String> listAvailableActions(Object target);
+ void clearPermissions(Object target);
+}
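Review bot: The interface has no method-level Javadoc, so the contract callers depend on is unstated: whether `listPermissions` may return null or always returns a list, and what a `false` result from `grantPermission` or `revokePermission` means. r13334 on this page adds a null check in `PersistentPermissionResolver`, which suggests null is a possible result. Document each method, for example `@return the matching permissions, or null if the store is unavailable`, or commit to returning an empty list. The parameter names `target` and `action` also no longer match `Permission`'s `resource` and `permission`.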
Modified: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/JpaIdentityStore.java
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/JpaIdentityStore.java 2010-07-06 00:36:45 UTC (rev 13331)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/JpaIdentityStore.java 2010-07-06 01:00:46 UTC (rev 13332)
@@ -88,8 +88,7 @@
private String id;
- // Entity classes
-
+ // Entity classes
private Class<?> identityClass;
private Class<?> credentialClass;
private Class<?> relationshipClass;
Modified: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/JpaPermissionStore.java
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/JpaPermissionStore.java 2010-07-06 00:36:45 UTC (rev 13331)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/JpaPermissionStore.java 2010-07-06 01:00:46 UTC (rev 13332)
@@ -1,7 +1,8 @@
package org.jboss.seam.security.permission;
import java.io.Serializable;
-import java.security.Principal;
+import java.lang.reflect.Field;
+import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
@@ -16,14 +17,14 @@
import javax.persistence.EntityManager;
import javax.persistence.Query;
-import org.jboss.seam.security.annotations.permission.PermissionAction;
-import org.jboss.seam.security.annotations.permission.PermissionRecipient;
-import org.jboss.seam.security.annotations.permission.PermissionRecipientType;
-import org.jboss.seam.security.annotations.permission.PermissionRole;
-import org.jboss.seam.security.annotations.permission.PermissionTarget;
+import org.jboss.seam.security.annotations.permission.PermissionProperty;
+import org.jboss.seam.security.annotations.permission.PermissionPropertyType;
import org.jboss.seam.security.management.IdentityManager;
import org.jboss.seam.security.permission.PermissionMetadata.ActionSet;
import org.jboss.weld.extensions.util.properties.Property;
+import org.jboss.weld.extensions.util.properties.query.PropertyCriteria;
+import org.jboss.weld.extensions.util.properties.query.PropertyQueries;
+import org.picketlink.idm.spi.model.IdentityObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -39,21 +40,37 @@
private Logger log = LoggerFactory.getLogger(JpaPermissionStore.class);
- protected enum Discrimination { user, role, either }
+ private class PropertyTypeCriteria implements PropertyCriteria
+ {
+ private PermissionPropertyType pt;
+
+ public PropertyTypeCriteria(PermissionPropertyType pt)
+ {
+ this.pt = pt;
+ }
+
+ public boolean fieldMatches(Field f)
+ {
+ return f.isAnnotationPresent(PermissionProperty.class) &&
+ f.getAnnotation(PermissionProperty.class).value().equals(pt);
+ }
+
+ public boolean methodMatches(Method m)
+ {
+ return m.isAnnotationPresent(PermissionProperty.class) &&
+ m.getAnnotation(PermissionProperty.class).value().equals(pt);
+ }
+ }
+
- private Class<?> userPermissionClass;
- private Class<?> rolePermissionClass;
+ private Class<?> identityPermissionClass;
- private Property recipientProperty;
- private Property roleProperty;
+ private Property<Object> identityProperty;
+ private Property<?> relationshipTypeProperty;
+ private Property<String> relationshipNameProperty;
+ private Property<String> resourceProperty;
+ private Property<Object> permissionProperty;
- private Property<String> targetProperty;
- private Property<String> actionProperty;
- private Property<String> recipientTypeProperty;
-
- private Property<String> roleTargetProperty;
- private Property<String> roleActionProperty;
-
private Map<Integer,String> queryCache = new HashMap<Integer,String>();
private PermissionMetadata metadata;
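Review bot: `PropertyTypeCriteria` is declared as a non-static inner class although nothing in it uses the enclosing `JpaPermissionStore`, so each instance keeps a hidden reference to the store. Declare it `private static class PropertyTypeCriteria implements PropertyCriteria` and make the field `private final PermissionPropertyType pt;`. Separately, `permissionProperty` is typed `Property<Object>` while the example entity's `getPermission()` returns `String`; if permissions are always stored as strings, `Property<String>` would match `resourceProperty` and `relationshipNameProperty`.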
@@ -61,7 +78,6 @@
@Inject IdentifierPolicy identifierPolicy;
@Inject BeanManager manager;
@Inject IdentityManager identityManager;
- //@Inject IdentityStore identityStore;
@Inject Instance<EntityManager> entityManagerInstance;
@@ -71,7 +87,7 @@
metadata = new PermissionMetadata();
// TODO see if we can scan for this automatically
- if (userPermissionClass == null)
+ if (identityPermissionClass == null)
{
log.debug("No permissionClass set, JpaPermissionStore will be unavailable.");
return;
@@ -82,63 +98,60 @@
protected void initProperties()
{
- /*recipientProperty = new AnnotatedBeanProperty<PermissionRecipient>(userPermissionClass, PermissionRecipient.class);
- targetProperty = new AnnotatedBeanProperty<PermissionTarget>(userPermissionClass, PermissionTarget.class);
- actionProperty = new AnnotatedBeanProperty<PermissionAction>(userPermissionClass, PermissionAction.class);
+ identityProperty = PropertyQueries.createQuery(identityPermissionClass)
+ .addCriteria(new PropertyTypeCriteria(PermissionPropertyType.IDENTITY))
+ .getFirstResult();
- if (rolePermissionClass != null)
+ if (identityProperty == null)
{
- roleProperty = new AnnotatedBeanProperty<PermissionRole>(rolePermissionClass, PermissionRole.class);
- if (roleProperty.isSet())
- {
- roleTargetProperty = new AnnotatedBeanProperty<PermissionTarget>(rolePermissionClass,
- PermissionTarget.class);
- roleActionProperty = new AnnotatedBeanProperty<PermissionAction>(rolePermissionClass,
- PermissionAction.class);
- }
+ throw new RuntimeException("Invalid identityPermissionClass " +
+ identityPermissionClass.getName() +
+ " - required annotation @PermissionProperty(IDENTITY) not found on any field or method.");
}
- else
+
+ relationshipTypeProperty = PropertyQueries.createQuery(identityPermissionClass)
+ .addCriteria(new PropertyTypeCriteria(PermissionPropertyType.RELATIONSHIP_TYPE))
+ .getFirstResult();
+
+ if (relationshipTypeProperty == null)
{
- roleProperty = new AnnotatedBeanProperty<PermissionRole>(userPermissionClass, PermissionRole.class);
- if (roleProperty.isSet())
- {
- recipientTypeProperty = new AnnotatedBeanProperty<PermissionRecipientType>(userPermissionClass,
- PermissionRecipientType.class);
- }
+ throw new RuntimeException("Invalid identityPermissionClass " +
+ identityPermissionClass.getName() +
+ " - required annotation @PermissionProperty(RELATIONSHIP_TYPE) not found on any field or method.");
}
- if (!recipientProperty.isSet())
+ relationshipNameProperty = PropertyQueries.<String>createQuery(identityPermissionClass)
+ .addCriteria(new PropertyTypeCriteria(PermissionPropertyType.RELATIONSHIP_NAME))
+ .getFirstResult();
+
+ if (relationshipNameProperty == null)
{
- throw new RuntimeException("Invalid userPermissionClass " + userPermissionClass.getName() +
- " - required annotation @PermissionUser not found on any Field or Method.");
+ throw new RuntimeException("Invalid identityPermissionClass " +
+ identityPermissionClass.getName() +
+ " - required annotation @PermissionProperty(RELATIONSHIP_NAME) not found on any field or method.");
}
-
- if (rolePermissionClass != null)
+
+ resourceProperty = PropertyQueries.<String>createQuery(identityPermissionClass)
+ .addCriteria(new PropertyTypeCriteria(PermissionPropertyType.RESOURCE))
+ .getFirstResult();
+
+ if (resourceProperty == null)
{
- if (!roleProperty.isSet())
- {
- throw new RuntimeException("Invalid rolePermissionClass " + rolePermissionClass.getName() +
- " - required annotation @PermissionRole not found on any Field or Method.");
- }
-
- if (!roleTargetProperty.isSet())
- {
- throw new RuntimeException("Invalid rolePermissionClass " + rolePermissionClass.getName() +
- " - required annotation @PermissionTarget not found on any Field or Method.");
- }
-
- if (!roleActionProperty.isSet())
- {
- throw new RuntimeException("Invalid rolePermissionClass " + rolePermissionClass.getName() +
- " - required annotation @PermissionAction not found on any Field or Method.");
- }
+ throw new RuntimeException("Invalid identityPermissionClass " +
+ identityPermissionClass.getName() +
+ " - required annotation @PermissionProperty(RESOURCE) not found on any field or method.");
}
- else if (!recipientTypeProperty.isSet())
+
+ permissionProperty = PropertyQueries.createQuery(identityPermissionClass)
+ .addCriteria(new PropertyTypeCriteria(PermissionPropertyType.PERMISSION))
+ .getFirstResult();
+
+ if (permissionProperty == null)
{
- throw new RuntimeException("Invalid userPermissionClass " + userPermissionClass.getName() +
- " - no rolePermissionClass set and @PermissionDiscriminator annotation not found on " +
- "any Field or Method");
- }*/
+ throw new RuntimeException("Invalid identityPermissionClass " +
+ identityPermissionClass.getName() +
+ " - required annotation @PermissionProperty(PERMISSION) not found on any field or method.");
+ }
}
/**
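Review bot: `initProperties()` repeats the same query, null check and exception five times, differing only in the `PermissionPropertyType` constant, so a slip in one copy of this security-relevant validation would be easy to miss. Extract a private helper that runs the query and throws when nothing is found. Throwing `IllegalStateException` rather than a bare `RuntimeException` also makes a configuration fault distinguishable; it is still unchecked, so callers are unaffected. The sketch below keeps the existing message text.

```java
protected void initProperties()
{
   identityProperty = requireProperty(PermissionPropertyType.IDENTITY);
   relationshipTypeProperty = requireProperty(PermissionPropertyType.RELATIONSHIP_TYPE);
   relationshipNameProperty = requireProperty(PermissionPropertyType.RELATIONSHIP_NAME);
   resourceProperty = requireProperty(PermissionPropertyType.RESOURCE);
   permissionProperty = requireProperty(PermissionPropertyType.PERMISSION);
}

// Looks up the single property annotated with the given type; fails fast when it is missing.
private <V> Property<V> requireProperty(PermissionPropertyType type)
{
   Property<V> property = PropertyQueries.<V>createQuery(identityPermissionClass)
      .addCriteria(new PropertyTypeCriteria(type))
      .getFirstResult();

   if (property == null)
   {
      throw new IllegalStateException("Invalid identityPermissionClass " +
         identityPermissionClass.getName() +
         " - required annotation @PermissionProperty(" + type +
         ") not found on any field or method.");
   }
   return property;
}
```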
@@ -151,7 +164,7 @@
* @return Query The query generated for the provided parameters
*/
protected Query createPermissionQuery(Object target, Set<?> targets,
- Principal recipient, Discrimination discrimination)
+ IdentityObject identity)
{
if (target != null && targets != null)
{
@@ -160,27 +173,21 @@
int queryKey = (target != null) ? 1 : 0;
queryKey |= (targets != null) ? 2 : 0;
- queryKey |= (recipient != null) ? 4 : 0;
- queryKey |= (discrimination.equals(Discrimination.user) ? 8 : 0);
- queryKey |= (discrimination.equals(Discrimination.role) ? 16 : 0);
- queryKey |= (discrimination.equals(Discrimination.either) ? 32 : 0);
-
- boolean isRole = discrimination.equals(Discrimination.role);
- boolean useRoleTable = isRole && rolePermissionClass != null;
-
+ queryKey |= (identity != null) ? 4 : 0;
+
if (!queryCache.containsKey(queryKey))
{
boolean conditionsAdded = false;
StringBuilder q = new StringBuilder();
q.append("select p from ");
- q.append(useRoleTable ? rolePermissionClass.getName() : userPermissionClass.getName());
+ q.append(identityPermissionClass.getName());
q.append(" p");
if (target != null)
{
q.append(" where p.");
- q.append(useRoleTable ? roleTargetProperty.getName() : targetProperty.getName());
+ q.append(resourceProperty.getName());
q.append(" = :target");
conditionsAdded = true;
}
@@ -188,28 +195,19 @@
if (targets != null)
{
q.append(" where p.");
- q.append(useRoleTable ? roleTargetProperty.getName() : targetProperty.getName());
+ q.append(resourceProperty.getName());
q.append(" in (:targets)");
conditionsAdded = true;
}
- if (recipient != null)
+ if (identity != null)
{
q.append(conditionsAdded ? " and p." : " where p.");
- q.append(isRole ? roleProperty.getName() : recipientProperty.getName());
- q.append(" = :recipient");
+ q.append(identityProperty.getName());
+ q.append(" = :identity");
conditionsAdded = true;
}
- // If there is no discrimination, then don't add such a condition to the query
- if (!discrimination.equals(Discrimination.either) && recipientTypeProperty != null)
- {
- q.append(conditionsAdded ? " and p." : " where p.");
- q.append(recipientTypeProperty.getName());
- q.append(" = :discriminator");
- conditionsAdded = true;
- }
-
queryCache.put(queryKey, q.toString());
}
@@ -226,29 +224,22 @@
}
query.setParameter("targets", identifiers);
}
+
+ if (identity != null) query.setParameter("identity", resolveIdentityEntity(identity));
-
- if (recipient != null) query.setParameter("recipient", resolvePrincipalEntity(recipient));
-
- if (!discrimination.equals(Discrimination.either) && recipientTypeProperty != null)
- {
- query.setParameter("discriminator", getDiscriminatorValue(
- discrimination.equals(Discrimination.role)));
- }
-
return query;
}
public boolean grantPermission(Permission permission)
{
- return updatePermissionActions(permission.getTarget(), permission.getRecipient(),
- new String[] {permission.getAction()}, true);
+ return updatePermissionActions(permission.getResource(), permission.getIdentity(),
+ new String[] {permission.getPermission()}, true);
}
public boolean revokePermission(Permission permission)
{
- return updatePermissionActions(permission.getTarget(), permission.getRecipient(),
- new String[] { permission.getAction() }, false);
+ return updatePermissionActions(permission.getResource(), permission.getIdentity(),
+ new String[] { permission.getPermission() }, false);
}
/**
@@ -260,137 +251,36 @@
* @param set true if the specified actions are to be granted, false if they are to be revoked
* @return true if the operation is successful
*/
- protected boolean updatePermissionActions(Object target, Principal recipient, String[] actions,
+ protected boolean updatePermissionActions(Object resource, IdentityObject identity, String[] actions,
boolean set)
- {
- boolean recipientIsRole = false; //recipient instanceof RoleImpl;
-
+ {
try
- {
- if (recipientIsRole)
- {
- if (rolePermissionClass != null)
- {
- List<?> permissions = createPermissionQuery(target, null,
- recipient, Discrimination.role).getResultList();
+ {
+ List<?> permissions = createPermissionQuery(resource, null, identity).getResultList();
- if (permissions.isEmpty())
- {
- if (!set) return true;
-
- ActionSet actionSet = metadata.createActionSet(target.getClass(), null);
- for (String action : actions)
- {
- actionSet.add(action);
- }
-
- Object instance = rolePermissionClass.newInstance();
- roleTargetProperty.setValue(instance, identifierPolicy.getIdentifier(target));
- roleActionProperty.setValue(instance, actionSet.toString());
- roleProperty.setValue(instance, resolvePrincipalEntity(recipient));
- lookupEntityManager().persist(instance);
- return true;
- }
-
- Object instance = permissions.get(0);
-
- ActionSet actionSet = metadata.createActionSet(target.getClass(),
- roleActionProperty.getValue(instance).toString());
-
- for (String action : actions)
- {
- if (set)
- {
- actionSet.add(action);
- }
- else
- {
- actionSet.remove(action);
- }
- }
-
- if (permissions.size() > 1)
- {
- // This is where it gets a little messy.. if there is more than one permission
- // record, then we need to consolidate them all into just the first one
- for (Object p : permissions)
- {
- actionSet.addMembers(roleActionProperty.getValue(p).toString());
- if (!p.equals(instance))
- {
- lookupEntityManager().remove(p);
- }
- }
- }
-
- if (!actionSet.isEmpty())
- {
- roleActionProperty.setValue(instance, actionSet.toString());
- lookupEntityManager().merge(instance);
- }
- else
- {
- // No actions remaining in set, so just remove the record
- lookupEntityManager().remove(instance);
- }
-
- return true;
- }
-
- if (recipientTypeProperty == null)
- {
- throw new RuntimeException("Could not grant permission, rolePermissionClass not set");
- }
- }
-
- if (userPermissionClass == null)
- {
- throw new RuntimeException("Could not grant permission, userPermissionClass not set");
- }
-
- List<?> permissions = createPermissionQuery(target, null, recipient, recipientIsRole ?
- Discrimination.role : Discrimination.user).getResultList();
-
if (permissions.isEmpty())
{
if (!set) return true;
- ActionSet actionSet = metadata.createActionSet(target.getClass(), null);
+ ActionSet actionSet = metadata.createActionSet(resource.getClass(), null);
for (String action : actions)
{
actionSet.add(action);
}
- Object instance = userPermissionClass.newInstance();
- targetProperty.setValue(instance, identifierPolicy.getIdentifier(target));
- actionProperty.setValue(instance, actionSet.toString());
-
- if (recipientIsRole)
- {
- roleProperty.setValue(instance, resolvePrincipalEntity(recipient));
- }
- else
- {
- recipientProperty.setValue(instance, resolvePrincipalEntity(recipient));
- }
+ Object instance = identityPermissionClass.newInstance();
+ resourceProperty.setValue(instance, identifierPolicy.getIdentifier(resource));
+ permissionProperty.setValue(instance, actionSet.toString());
+ identityProperty.setValue(instance, resolveIdentityEntity(identity));
- if (recipientTypeProperty != null)
- {
- PermissionRecipientType discriminator = recipientTypeProperty
- .getAnnotatedElement().getAnnotation(PermissionRecipientType.class);
- // TODO need to populate the correct recipient type
- //recipientTypeProperty.setValue(instance, recipientIsRole ? discriminator.roleValue() :
- // discriminator.userValue());
- }
-
lookupEntityManager().persist(instance);
return true;
}
Object instance = permissions.get(0);
- ActionSet actionSet = metadata.createActionSet(target.getClass(),
- actionProperty.getValue(instance).toString());
+ ActionSet actionSet = metadata.createActionSet(resource.getClass(),
+ permissionProperty.getValue(instance).toString());
for (String action : actions)
{
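Review bot: The rewritten `updatePermissionActions` drops the explicit `userPermissionClass == null` guard without a replacement, so an unconfigured store now fails on `identityPermissionClass.getName()` inside `createPermissionQuery` (or on `identityPermissionClass.newInstance()` here) instead of with a clear configuration error. `listPermissions` in a later hunk does guard `identityPermissionClass == null`, which suggests the field can be unset at this point; `clearPermissions` in the last hunk of this file dereferences it unguarded as well. I would restore the check at the top of the `try`, e.g. `if (identityPermissionClass == null) throw new RuntimeException("Could not grant permission, identityPermissionClass not set");`. The method body continues outside the hunk, so how the surrounding `catch` reports the failure is not visible here.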
@@ -409,7 +299,7 @@
// Same as with roles, consolidate the records if there is more than one
for (Object p : permissions)
{
- actionSet.addMembers(actionProperty.getValue(p).toString());
+ actionSet.addMembers(permissionProperty.getValue(p).toString());
if (!p.equals(instance))
{
lookupEntityManager().remove(p);
@@ -419,7 +309,7 @@
if (!actionSet.isEmpty())
{
- actionProperty.setValue(instance, actionSet.toString());
+ permissionProperty.setValue(instance, actionSet.toString());
lookupEntityManager().merge(instance);
}
else
@@ -439,18 +329,18 @@
public boolean grantPermissions(List<Permission> permissions)
{
// Target/Recipient/Action map
- Map<Object,Map<Principal,List<Permission>>> groupedPermissions = groupPermissions(permissions);
+ Map<Object,Map<IdentityObject,List<Permission>>> groupedPermissions = groupPermissions(permissions);
- for (Object target : groupedPermissions.keySet())
+ for (Object resource : groupedPermissions.keySet())
{
- Map<Principal,List<Permission>> recipientPermissions = groupedPermissions.get(target);
+ Map<IdentityObject,List<Permission>> recipientPermissions = groupedPermissions.get(resource);
- for (Principal recipient : recipientPermissions.keySet())
+ for (IdentityObject recipient : recipientPermissions.keySet())
{
List<Permission> ps = recipientPermissions.get(recipient);
String[] actions = new String[ps.size()];
- for (int i = 0; i < ps.size(); i++) actions[i] = ps.get(i).getAction();
- updatePermissionActions(target, recipient, actions, true);
+ for (int i = 0; i < ps.size(); i++) actions[i] = ps.get(i).getPermission();
+ updatePermissionActions(resource, recipient, actions, true);
}
}
@@ -460,18 +350,18 @@
public boolean revokePermissions(List<Permission> permissions)
{
// Target/Recipient/Action map
- Map<Object,Map<Principal,List<Permission>>> groupedPermissions = groupPermissions(permissions);
+ Map<Object,Map<IdentityObject,List<Permission>>> groupedPermissions = groupPermissions(permissions);
for (Object target : groupedPermissions.keySet())
{
- Map<Principal,List<Permission>> recipientPermissions = groupedPermissions.get(target);
+ Map<IdentityObject,List<Permission>> recipientPermissions = groupedPermissions.get(target);
- for (Principal recipient : recipientPermissions.keySet())
+ for (IdentityObject identity : recipientPermissions.keySet())
{
- List<Permission> ps = recipientPermissions.get(recipient);
+ List<Permission> ps = recipientPermissions.get(identity);
String[] actions = new String[ps.size()];
- for (int i = 0; i < ps.size(); i++) actions[i] = ps.get(i).getAction();
- updatePermissionActions(target, recipient, actions, false);
+ for (int i = 0; i < ps.size(); i++) actions[i] = ps.get(i).getPermission();
+ updatePermissionActions(target, identity, actions, false);
}
}
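Review bot: The boolean returned by `updatePermissionActions(target, identity, actions, false)` is discarded inside the loop, and the same holds for the granting call in `grantPermissions` in the previous hunk. The final `return` of both methods lies outside these hunks, but if it is unconditional, a revoke that did not take effect is reported to the caller as successful, which matters more for revocation than for grants. Consider accumulating the result, e.g. `success &= updatePermissionActions(target, identity, actions, false);`, and returning `success`. As a smaller point, this method keeps the loop variable `target` while `grantPermissions` was renamed to `resource` and still calls its inner key `recipient`; one vocabulary across both would read better.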
@@ -484,106 +374,46 @@
* @param permissions The list of permissions to group
* @return
*/
- private Map<Object,Map<Principal,List<Permission>>> groupPermissions(List<Permission> permissions)
+ private Map<Object,Map<IdentityObject,List<Permission>>> groupPermissions(List<Permission> permissions)
{
// Target/Recipient/Action map
- Map<Object,Map<Principal,List<Permission>>> groupedPermissions = new HashMap<Object,Map<Principal,List<Permission>>>();
+ Map<Object,Map<IdentityObject,List<Permission>>> groupedPermissions = new HashMap<Object,Map<IdentityObject,List<Permission>>>();
for (Permission permission : permissions)
{
- if (!groupedPermissions.containsKey(permission.getTarget()))
+ if (!groupedPermissions.containsKey(permission.getResource()))
{
- groupedPermissions.put(permission.getTarget(), new HashMap<Principal,List<Permission>>());
+ groupedPermissions.put(permission.getResource(), new HashMap<IdentityObject,List<Permission>>());
}
- Map<Principal,List<Permission>> recipientPermissions = groupedPermissions.get(permission.getTarget());
- if (!recipientPermissions.containsKey(permission.getRecipient()))
+ Map<IdentityObject,List<Permission>> recipientPermissions = groupedPermissions.get(permission.getResource());
+ if (!recipientPermissions.containsKey(permission.getIdentity()))
{
List<Permission> perms = new ArrayList<Permission>();
perms.add(permission);
- recipientPermissions.put(permission.getRecipient(), perms);
+ recipientPermissions.put(permission.getIdentity(), perms);
}
else
{
- recipientPermissions.get(permission.getRecipient()).add(permission);
+ recipientPermissions.get(permission.getIdentity()).add(permission);
}
}
return groupedPermissions;
}
-
- private String getDiscriminatorValue(boolean isRole)
- {
- PermissionRecipientType discriminator = recipientTypeProperty
- .getAnnotatedElement().getAnnotation(PermissionRecipientType.class);
- // TODO fix
- //return isRole ? discriminator.roleValue() : discriminator.userValue();
- return null;
- }
/**
- * If the user or role properties in the entity class refer to other entities, then this method
- * uses the JpaIdentityStore (if available) to lookup that user or role entity. Otherwise it
- * simply returns the name of the recipient.
*
* @param recipient
* @return The entity or name representing the permission recipient
*/
- protected Object resolvePrincipalEntity(Principal recipient)
+ protected Object resolveIdentityEntity(IdentityObject identity)
{
- boolean recipientIsRole = false; //recipient instanceof RoleImpl;
-
- //if (identityManager.getIdentityStore() != null //&&
- //identityManager.getIdentityStore() instanceof JpaIdentityStore)
- // )
- {
- // TODO review this code
-
- if (recipientIsRole && roleProperty != null //&&
- //roleProperty.getPropertyType().equals(config.getRoleEntityClass()))
- )
- {
- // TODO re-enable this
- //return ((JpaIdentityStore) identityManager.getIdentityStore()).lookupRole(recipient.getName());
- return null;
- }
- //else if (userProperty.getPropertyType().equals(config.getUserEntityClass()))
- //{
- //return ((JpaIdentityStore) identityStore).lookupUser(recipient.getName());
- //}
- }
+ // TODO implement this method (we already know the identity's entity class)
- return recipient.getName();
+ return identity.getName();
}
- protected Principal resolvePrincipal(Object principal, boolean isUser)
- {
- // TODO review this
-
- /*
- if (principal instanceof String)
- {
- return isUser ? new SimplePrincipal((String) principal) : new Role((String) principal,
- identityStore == null ? false : identityStore.isRoleConditional((String) principal));
- }
-
- if (identityStore != null)
- {
- if (isUser && config.getUserEntityClass().isAssignableFrom(principal.getClass()))
- {
- return new SimplePrincipal(identityStore.getUserName(principal));
- }
-
- if (!isUser && config.getRoleEntityClass().isAssignableFrom(principal.getClass()))
- {
- String name = identityStore.getRoleName(principal);
- return new Role(name, identityStore.isRoleConditional(name));
- }
- }*/
-
- throw new IllegalArgumentException("Cannot resolve principal name for principal " + principal);
- }
-
/**
* Returns a list of all user and role permissions for the specified action for all specified target objects
*/
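Review bot: `resolveIdentityEntity` binds only `identity.getName()` to the `:identity` parameter, and this commit also removes the `:discriminator` condition that used to separate user records from role records, so permission rows are now matched by name alone. If two identities of different types can share a name (a user and a group or role, say), a grant written for one is returned for the other by `createPermissionQuery` and modified by `updatePermissionActions`. Until the TODO is implemented, I would either include the identity's type in the stored key or state the limitation in the Javadoc, which currently has no description and still documents `@param recipient` for a parameter now named `identity`.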
@@ -601,9 +431,11 @@
return listPermissions(target, null, action);
}
- protected List<Permission> listPermissions(Object target, Set<Object> targets, String action)
+ protected List<Permission> listPermissions(Object resource, Set<Object> targets, String action)
{
- if (target != null && targets != null)
+ if (identityPermissionClass == null) return null;
+
+ if (resource != null && targets != null)
{
throw new IllegalArgumentException("Cannot specify both target and targets");
}
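Review bot: `if (identityPermissionClass == null) return null;` makes a list-returning method hand back `null` when the store is unconfigured, and the loops over permission lists visible on this page (`for (Permission permission : permissions)` in `PersistentPermissionResolver` and `PermissionSearch`) show no null check before iterating. Returning an empty list, `return new ArrayList<Permission>();`, keeps the "no permissions" meaning without a NullPointerException in the authorization path; alternatively the null return should be documented on the public `listPermissions` overloads. The method body continues beyond this hunk.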
@@ -614,15 +446,11 @@
// First query for user permissions
Query permissionQuery = targets != null ?
- createPermissionQuery(null, targets, null, Discrimination.either) :
- createPermissionQuery(target, null, null, Discrimination.either);
+ createPermissionQuery(null, targets, null) :
+ createPermissionQuery(resource, null, null);
List<?> userPermissions = permissionQuery.getResultList();
-
- Map<String,Principal> principalCache = new HashMap<String,Principal>();
-
- boolean useDiscriminator = rolePermissionClass == null && recipientTypeProperty != null;
-
+
Map<String,Object> identifierCache = null;
if (targets != null)
@@ -642,7 +470,7 @@
if (targets != null)
{
//target = identifierCache.get(targetProperty.getValue(permission));
- if (target != null)
+ if (resource != null)
{
//actionSet = metadata.createActionSet(target.getClass(),
// actionProperty.getValue(permission).toString());
@@ -654,102 +482,27 @@
// actionProperty.getValue(permission).toString());
}
- if (target != null && (action == null || (actionSet != null && actionSet.contains(action))))
- {
- boolean isUser = true;
+ if (resource != null && (action == null || (actionSet != null && actionSet.contains(action))))
+ {
+ // FIXME
+ IdentityObject identity = null; //lookupPrincipal(principalCache, permission);
- // TODO fix
- if (useDiscriminator //&&
- //recipientTypeProperty.getAnnotation().roleValue().equals(
- // recipientTypeProperty.getValue(permission)))
- )
- {
- isUser = false;
- }
-
- Principal principal = lookupPrincipal(principalCache, permission, isUser);
-
if (action != null)
{
- permissions.add(new Permission(target, action, principal));
+ permissions.add(new Permission(resource, action, identity));
}
else
{
for (String a : actionSet.members())
{
- permissions.add(new Permission(target, a, principal));
+ permissions.add(new Permission(resource, a, identity));
}
}
}
}
-
- // If we have a separate class for role permissions, then query them now
- if (rolePermissionClass != null)
- {
- permissionQuery = targets != null ?
- createPermissionQuery(null, targets, null, Discrimination.role) :
- createPermissionQuery(target, null, null, Discrimination.role);
- List<?> rolePermissions = permissionQuery.getResultList();
-
- for (Object permission : rolePermissions)
- {
- ActionSet actionSet = null;
- if (targets != null)
- {
- //target = identifierCache.get(roleTargetProperty.getValue(permission));
- if (target != null)
- {
- //actionSet = metadata.createActionSet(target.getClass(),
- // roleActionProperty.getValue(permission).toString());
- }
- }
- else
- {
- //actionSet = metadata.createActionSet(target.getClass(),
- // roleActionProperty.getValue(permission).toString());
- }
-
- if (target != null && (action == null || (actionSet != null && actionSet.contains(action))))
- {
- Principal principal = lookupPrincipal(principalCache, permission, false);
-
- if (action != null)
- {
- permissions.add(new Permission(target, action, principal));
- }
- else
- {
- for (String a : actionSet.members())
- {
- permissions.add(new Permission(target, a, principal));
- }
- }
- }
- }
- }
-
return permissions;
}
-
- private Principal lookupPrincipal(Map<String,Principal> cache, Object permission, boolean isUser)
- {
- Principal principal = null; //resolvePrincipal(isUser ? recipientProperty.getValue(permission) :
- //roleProperty.getValue(permission), isUser);
-
- String key = (isUser ? "u:" : "r:") + principal.getName();
-
- if (!cache.containsKey(key))
- {
- cache.put(key, principal);
- }
- else
- {
- principal = cache.get(key);
- }
-
- return principal;
- }
public List<Permission> listPermissions(Object target)
{
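Review bot: With `IdentityObject identity = null; // FIXME`, every `Permission` produced by `listPermissions` carries a null identity, so the store can no longer report who holds a permission. The callers changed later in this commit depend on that value: `PersistentPermissionResolver` compares `permission.getIdentity()` against the current user and `PermissionSearch` groups by it, so the former cannot match any record and the latter collects everything under a null key. If this is an intentional intermediate state, I would say so in the comment, e.g. `// FIXME identity lookup not implemented yet - returned permissions carry no identity and must not be used for authorization decisions`. The method starts outside this hunk.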
@@ -766,44 +519,25 @@
return entityManagerInstance.get();
}
- public Class<?> getUserPermissionClass()
+ public Class<?> getIdentityPermissionClass()
{
- return userPermissionClass;
+ return identityPermissionClass;
}
- public void setUserPermissionClass(Class<?> userPermissionClass)
+ public void setIdentityPermissionClass(Class<?> identityPermissionClass)
{
- this.userPermissionClass = userPermissionClass;
+ this.identityPermissionClass = identityPermissionClass;
}
- public Class<?> getRolePermissionClass()
+ public void clearPermissions(Object resource)
{
- return rolePermissionClass;
- }
-
- public void setRolePermissionClass(Class<?> rolePermissionClass)
- {
- this.rolePermissionClass = rolePermissionClass;
- }
-
- public void clearPermissions(Object target)
- {
EntityManager em = lookupEntityManager();
- String identifier = identifierPolicy.getIdentifier(target);
+ String identifier = identifierPolicy.getIdentifier(resource);
em.createQuery(
- "delete from " + userPermissionClass.getName() + " p where p." +
- targetProperty.getName() + " = :target")
- .setParameter("target", identifier)
- .executeUpdate();
-
- if (rolePermissionClass != null)
- {
- em.createQuery(
- "delete from " + rolePermissionClass.getName() + " p where p." +
- roleTargetProperty.getName() + " = :target")
- .setParameter("target", identifier)
- .executeUpdate();
- }
+ "delete from " + identityPermissionClass.getName() + " p where p." +
+ resourceProperty.getName() + " = :resource")
+ .setParameter("resource", identifier)
+ .executeUpdate();
}
}
Deleted: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/Permission.java
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/Permission.java 2010-07-06 00:36:45 UTC (rev 13331)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/Permission.java 2010-07-06 01:00:46 UTC (rev 13332)
@@ -1,38 +0,0 @@
-package org.jboss.seam.security.permission;
-
-import java.io.Serializable;
-import java.security.Principal;
-
-/**
- * Represents a single permission for a particular target, action and recipient combination.
- *
- * @author Shane Bryzak
- */
-public class Permission implements Serializable
-{
- private Object target;
- private String action;
- private Principal recipient;
-
- public Permission(Object target, String action, Principal recipient)
- {
- this.target = target;
- this.action = action;
- this.recipient = recipient;
- }
-
- public Object getTarget()
- {
- return target;
- }
-
- public String getAction()
- {
- return action;
- }
-
- public Principal getRecipient()
- {
- return recipient;
- }
-}
Modified: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/PermissionManager.java
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/PermissionManager.java 2010-07-06 00:36:45 UTC (rev 13331)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/PermissionManager.java 2010-07-06 01:00:46 UTC (rev 13332)
@@ -56,7 +56,7 @@
public boolean grantPermission(Permission permission)
{
- identity.checkPermission(permission.getTarget(), PERMISSION_GRANT);
+ identity.checkPermission(permission.getResource(), PERMISSION_GRANT);
return permissionStore.grantPermission(permission);
}
@@ -64,14 +64,14 @@
{
for (Permission permission : permissions)
{
- identity.checkPermission(permission.getTarget(), PERMISSION_GRANT);
+ identity.checkPermission(permission.getResource(), PERMISSION_GRANT);
}
return permissionStore.grantPermissions(permissions);
}
public boolean revokePermission(Permission permission)
{
- identity.checkPermission(permission.getTarget(), PERMISSION_REVOKE);
+ identity.checkPermission(permission.getResource(), PERMISSION_REVOKE);
return permissionStore.revokePermission(permission);
}
@@ -79,7 +79,7 @@
{
for (Permission permission : permissions)
{
- identity.checkPermission(permission.getTarget(), PERMISSION_REVOKE);
+ identity.checkPermission(permission.getResource(), PERMISSION_REVOKE);
}
return permissionStore.revokePermissions(permissions);
}
Modified: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/PermissionMetadata.java
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/PermissionMetadata.java 2010-07-06 00:36:45 UTC (rev 13331)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/PermissionMetadata.java 2010-07-06 01:00:46 UTC (rev 13332)
@@ -19,10 +19,10 @@
*/
public class PermissionMetadata
{
- private Map<Class,Boolean> usesActionMask = new HashMap<Class,Boolean>();
- private Map<Class,Map<String,Long>> classActions = new HashMap<Class,Map<String,Long>>();
+ private Map<Class<?>,Boolean> usesActionMask = new HashMap<Class<?>,Boolean>();
+ private Map<Class<?>,Map<String,Long>> classActions = new HashMap<Class<?>,Map<String,Long>>();
- private synchronized void initClassActions(Class cls)
+ private synchronized void initClassActions(Class<?> cls)
{
if (!classActions.containsKey(cls))
{
@@ -86,9 +86,9 @@
protected class ActionSet
{
private Set<String> members = new HashSet<String>();
- private Class targetClass;
+ private Class<?> targetClass;
- public ActionSet(Class targetClass, String members)
+ public ActionSet(Class<?> targetClass, String members)
{
this.targetClass = targetClass;
addMembers(members);
@@ -179,14 +179,14 @@
}
}
- public ActionSet createActionSet(Class targetClass, String members)
+ public ActionSet createActionSet(Class<?> targetClass, String members)
{
if (!classActions.containsKey(targetClass)) initClassActions(targetClass);
return new ActionSet(targetClass, members);
}
- public List<String> listAllowableActions(Class targetClass)
+ public List<String> listAllowableActions(Class<?> targetClass)
{
if (!classActions.containsKey(targetClass)) initClassActions(targetClass);
Deleted: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/PermissionStore.java
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/PermissionStore.java 2010-07-06 00:36:45 UTC (rev 13331)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/PermissionStore.java 2010-07-06 01:00:46 UTC (rev 13332)
@@ -1,22 +0,0 @@
-package org.jboss.seam.security.permission;
-
-import java.util.List;
-import java.util.Set;
-
-/**
- * Permission store interface.
- *
- * @author Shane Bryzak
- */
-public interface PermissionStore
-{
- List<Permission> listPermissions(Object target);
- List<Permission> listPermissions(Object target, String action);
- List<Permission> listPermissions(Set<Object> targets, String action);
- boolean grantPermission(Permission permission);
- boolean grantPermissions(List<Permission> permissions);
- boolean revokePermission(Permission permission);
- boolean revokePermissions(List<Permission> permissions);
- List<String> listAvailableActions(Object target);
- void clearPermissions(Object target);
-}
Modified: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/PersistentPermissionResolver.java
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/PersistentPermissionResolver.java 2010-07-06 00:36:45 UTC (rev 13331)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/PersistentPermissionResolver.java 2010-07-06 01:00:46 UTC (rev 13332)
@@ -48,8 +48,8 @@
for (Permission permission : permissions)
{
- if (permission.getRecipient() instanceof SimplePrincipal &&
- username.equals(permission.getRecipient().getName()))
+ if (permission.getIdentity() instanceof SimplePrincipal &&
+ username.equals(permission.getIdentity().getName()))
{
return true;
}
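Review bot: The test `permission.getIdentity() instanceof SimplePrincipal` was renamed but not retyped: elsewhere in this commit `Permission` is constructed with an `IdentityObject`, and unless that object is also a `SimplePrincipal` the condition is always false and this user branch never returns `true`. The same pattern appears in the next hunk, where it guards `iter.remove()`. The new `Permission` class is not shown on this page, so the return type of `getIdentity()` is inferred; if it is `IdentityObject`, the check should compare the identity's type and name with the authenticated user rather than test for a `Principal` implementation. Both enclosing methods extend beyond their hunks.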
@@ -90,10 +90,10 @@
for (Permission permission : permissions)
{
- if (permission.getTarget().equals(target))
+ if (permission.getResource().equals(target))
{
- if (permission.getRecipient() instanceof SimplePrincipal &&
- username.equals(permission.getRecipient().getName()))
+ if (permission.getIdentity() instanceof SimplePrincipal &&
+ username.equals(permission.getIdentity().getName()))
{
iter.remove();
break;
Modified: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/action/PermissionSearch.java
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/action/PermissionSearch.java 2010-07-06 00:36:45 UTC (rev 13331)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/action/PermissionSearch.java 2010-07-06 01:00:46 UTC (rev 13332)
@@ -15,6 +15,7 @@
import org.jboss.seam.security.management.IdentityManager;
import org.jboss.seam.security.permission.Permission;
import org.jboss.seam.security.permission.PermissionManager;
+import org.picketlink.idm.spi.model.IdentityObject;
@Named
@ConversationScoped
@@ -22,11 +23,11 @@
{
private static final long serialVersionUID = 2802038930768758665L;
- private Map<Principal,List<Permission>> groupedPermissions = new HashMap<Principal,List<Permission>>();
+ private Map<IdentityObject,List<Permission>> groupedPermissions = new HashMap<IdentityObject,List<Permission>>();
//@DataModel(scope = ConversationScoped.class)
- List<Principal> recipients;
+ List<IdentityObject> recipients;
//@DataModelSelection
Principal selectedRecipient;
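Review bot: `selectedRecipient` stays a `Principal` while `recipients` and the keys of `groupedPermissions` become `IdentityObject`, and `getActions(Principal recipient)` in the last hunk of this file still calls `groupedPermissions.get(recipient)` with a `Principal`. `Map.get` accepts any `Object`, so this compiles, but a key of the wrong type returns `null` and the `for` loop over that result throws a NullPointerException. I would retype both: `IdentityObject selectedRecipient;` and `public String getActions(IdentityObject recipient)`. The class body continues outside these hunks.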
@@ -52,20 +53,20 @@
{
List<Permission> recipientPermissions = null;
- if (!groupedPermissions.containsKey(permission.getRecipient()))
+ if (!groupedPermissions.containsKey(permission.getIdentity()))
{
recipientPermissions = new ArrayList<Permission>();
- groupedPermissions.put(permission.getRecipient(), recipientPermissions);
+ groupedPermissions.put(permission.getIdentity(), recipientPermissions);
}
else
{
- recipientPermissions = groupedPermissions.get(permission.getRecipient());
+ recipientPermissions = groupedPermissions.get(permission.getIdentity());
}
recipientPermissions.add(permission);
}
- recipients = new ArrayList<Principal>(groupedPermissions.keySet());
+ recipients = new ArrayList<IdentityObject>(groupedPermissions.keySet());
}
public String getActions(Principal recipient)
@@ -75,7 +76,7 @@
for (Permission permission : groupedPermissions.get(recipient))
{
if (sb.length() > 0) sb.append(", ");
- sb.append(permission.getAction());
+ sb.append(permission.getPermission());
}
return sb.toString();
Seam SVN: r13331 - branches/community/Seam_2_2/doc/Seam_Reference_Guide/en-US.
by seam-commits@lists.jboss.org
Author: denis.forveille
Date: 2010-07-05 20:36:45 -0400 (Mon, 05 Jul 2010)
New Revision: 13331
Modified:
branches/community/Seam_2_2/doc/Seam_Reference_Guide/en-US/Websphere.xml
Log:
Make this chapter appear correctly in HTML + light refresh
JBSEAM-4671
Modified: branches/community/Seam_2_2/doc/Seam_Reference_Guide/en-US/Websphere.xml
===================================================================
--- branches/community/Seam_2_2/doc/Seam_Reference_Guide/en-US/Websphere.xml 2010-07-06 00:04:23 UTC (rev 13330)
+++ branches/community/Seam_2_2/doc/Seam_Reference_Guide/en-US/Websphere.xml 2010-07-06 00:36:45 UTC (rev 13331)
@@ -27,8 +27,8 @@
<ulink url="http://www.ibm.com/developerworks/downloads/ws/was"> WebSphere Application Server V7</ulink>
</para>
<para>
- WebSphere v7.0.0.5 is the minimal recommended version of WebSphere v7 to use
- with Seam. Earlier versions of WebSphere have bugs in the EJB container that will
+ WebSphere v7.0.0.5 is the minimal version of WebSphere v7 to use
+ with Seam. WAS v7.0.0.9 is highly recommended. Earlier versions of WebSphere have bugs in the EJB container that will
cause various exceptions to occur at runtime.
</para>
@@ -43,9 +43,10 @@
<para>
This is a bug in WebSphere v7.0.0.5. WebSphere does not conform to the EJB 3.0 specs
as it does not allow to perform a lookup on "java:comp/EJBContext" in callback methods.
- This problem is associated with APAR PK98746 at IBM.
- IBM plans to include the fix with v7.0.0.9.In the meantime, an eFix for this APAR can be requested to IBM.
</para>
+ <para>
+ This problem is associated with APAR PK98746 at IBM and is corrected in v7.0.0.9.
+ </para>
</listitem>
</varlistentry>
@@ -59,8 +60,9 @@
necessary and performs the correct actions in these cases. The problem is that even if the exception is handled by Seam,
WebSphere prints the traceback of the exception in SystemOut.
Those messages are harmless and can safely be ignored.
- This problem is associated with APAR PK97995 at IBM.
- They plan to provides a fix with v7.0.0.9 that will suppress the print of those tracebacks if the exception is catched by the application.
+ </para>
+ <para>
+ This problem is associated with APAR PK97995 at IBM and is corrected in v7.0.0.9.
</para>
</listitem>
</varlistentry>
@@ -129,16 +131,16 @@
<para>
In order to use component injection, Seam needs to know how to lookup for session beans bound to the JNDI name space.
Seam provides two mechanisms to configure the way it will search for such resources:
- <itemizedlist><listitem>The global <literal>jndi-pattern</literal> switch on the <literal><core:init></literal>tag in <literal>components.xml</literal>.
- The switch can use a special placeholder "<literal>#{ejbName}</literal>" that resolves to the unqualified name of the EJB
- </listitem>
- <listitem>
- <para>
- The <literal>@JndiName</literal> annotation
- </para>
- </listitem>
- </itemizedlist>
</para>
+ <itemizedlist>
+ <listitem>
+ The global <literal>jndi-pattern</literal> switch on the <literal><core:init></literal>tag in <literal>components.xml</literal>.
+ The switch can use a special placeholder "<literal>#{ejbName}</literal>" that resolves to the unqualified name of the EJB
+ </listitem>
+ <listitem>
+ The <literal>@JndiName</literal> annotation
+ </listitem>
+ </itemizedlist>
<para>
<xref linkend="config.integration.ejb.container"/> gives detailed explanations on how those mechanisms work.
</para>
@@ -154,35 +156,33 @@
<para>
As explained before, Seam needs to lookup for session bean as they appear in JNDI.
Basically, there are three strategies, in order of complexity:
- <itemizedlist><listitem>Specify which JNDI name Seam must use for each session bean using the <literal>@JndiName</literal> annotation in the java source file,
- </listitem>
- <listitem>
- Override the default session bean names generated by WebSphere to conform to the <literal>jndi-pattern</literal> attribute,
- </listitem>
- <listitem>
- Use EJB references.
- </listitem>
- </itemizedlist>
</para>
+ <itemizedlist>
+ <listitem>
+ Specify which JNDI name Seam must use for each session bean using the <literal>@JndiName</literal> annotation in the java source file,
+ </listitem>
+ <listitem>
+ Override the default session bean names generated by WebSphere to conform to the <literal>jndi-pattern</literal> attribute,
+ </listitem>
+ <listitem>
+ Use EJB references.
+ </listitem>
+ </itemizedlist>
<section id="was.strategy1">
<title>Strategy 1: Specify which JNDI name Seam must use for each Session Bean</title>
- <para>
- This strategy is the simplest and fastest one regarding development. It uses the WebSphere v7 default binding mechanism. To use this strategy:
- <itemizedlist>
- <listitem>
- Add a <literal>@JndiName("ejblocal:<package.qualified.local.interface.name>)</literal> annotation to each session bean that is a Seam component.
- </listitem>
- <listitem>
- <para>
- In <literal>components.xml</literal>, add the following line:
- <programlisting role="XML"><![CDATA[<core:init jndi-name="java:comp/env/#{ejbName}" />]]></programlisting>
- </para>
- </listitem>
- <listitem>
- <para >
- Add a file named <literal>WEB-INF/classes/seam-jndi.properties</literal> in the web module with the following content:
- <programlisting>com.ibm.websphere.naming.hostname.normalizer=com.ibm.ws.naming.util.DefaultHostnameNormalizer
+ This strategy is the simplest and fastest one regarding development. It uses the WebSphere v7 default binding mechanism. To use this strategy:
+ <itemizedlist>
+ <listitem>
+ Add a <literal>@JndiName("ejblocal:<package.qualified.local.interface.name>)</literal> annotation to each session bean that is a Seam component.
+ </listitem>
+ <listitem>
+ In <literal>components.xml</literal>, add the following line:
+ <programlisting language="xml" role="XML"><![CDATA[<core:init jndi-name="java:comp/env/#{ejbName}" />]]></programlisting>
+ </listitem>
+ <listitem>
+ Add a file named <literal>WEB-INF/classes/seam-jndi.properties</literal> in the web module with the following content:
+ <programlisting>com.ibm.websphere.naming.hostname.normalizer=com.ibm.ws.naming.util.DefaultHostnameNormalizer
java.naming.factory.initial=com.ibm.websphere.naming.WsnInitialContextFactory
com.ibm.websphere.naming.name.syntax=jndi
com.ibm.websphere.naming.namespace.connection=lazy
@@ -195,21 +195,17 @@
com.ibm.websphere.naming.jndicache.cachename=providerURL
java.naming.provider.url=corbaloc:rir:/NameServiceServerRoot
java.naming.factory.url.pkgs=com.ibm.ws.runtime:com.ibm.ws.naming</programlisting>
- </para>
- </listitem>
- <listitem>
- <para>
- At the end of <literal>web.xml</literal>, add the following lines:
- <programlisting role="XML"><![CDATA[<ejb-local-ref>
+ </listitem>
+ <listitem>
+ At the end of <literal>web.xml</literal>, add the following lines:
+ <programlisting role="XML"><![CDATA[<ejb-local-ref>
<ejb-ref-name>EjbSynchronizations</ejb-ref-name>
<ejb-ref-type>Session</ejb-ref-type>
<local-home></local-home>
<local>org.jboss.seam.transaction.LocalEjbSynchronizations</local>
</ejb-local-ref>]]></programlisting>
- </para>
- </listitem>
- </itemizedlist>
- </para>
+ </listitem>
+ </itemizedlist>
<para>
That's all folks! No need to update any file during the development, nor to define any EJB to EJB or web to EJB reference!
</para>
@@ -225,11 +221,11 @@
However, WebSphere provides a way to override the name of each bean.
<para>
To use this strategy:
- <itemizedlist>
- <listitem>
- <para>
- Add a file named <literal>META-INF/ibm-ejb-jar-ext.xml</literal> in the EJB module and add an entry for each session bean like this:
- <programlisting role="XML"><![CDATA[<?xml version="1.0" encoding="UTF-8"?>
+ </para>
+ <itemizedlist>
+ <listitem>
+ Add a file named <literal>META-INF/ibm-ejb-jar-ext.xml</literal> in the EJB module and add an entry for each session bean like this:
+ <programlisting role="XML"><![CDATA[<?xml version="1.0" encoding="UTF-8"?>
<ejb-jar-bnd
xmlns="http://websphere.ibm.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
@@ -241,33 +237,25 @@
<session name="BookingListAction" simple-binding-name="BookingListAction" />
</ejb-jar-bnd>]]></programlisting>
- WebSphere will then bind the <literal>AuthenticatorAction</literal> EJB to the <literal>ejblocal:AuthenticatorAction</literal> JNDI name
- </para>
- </listitem>
- <listitem>
- <para>
- In <literal>components.xml</literal>, add the following line:
- <programlisting role="XML"><![CDATA[<core:init jndi-name="ejblocal:#{ejbName}" />]]></programlisting>
- </para>
- </listitem>
- <listitem>
- <para>
- Add a file named <literal>WEB-INF/classes/seam-jndi.properties</literal> as described in strategy 1
- </para>
- </listitem>
- <listitem>
- <para>
- In <literal>web.xml</literal>, add the following lines (Note the different <literal>ejb-ref-name</literal> value):
- <programlisting role="XML"><![CDATA[<ejb-local-ref>
+ WebSphere will then bind the <literal>AuthenticatorAction</literal> EJB to the <literal>ejblocal:AuthenticatorAction</literal> JNDI name
+ </listitem>
+ <listitem>
+ In <literal>components.xml</literal>, add the following line:
+ <programlisting role="XML"><![CDATA[<core:init jndi-name="ejblocal:#{ejbName}" />]]></programlisting>
+ </listitem>
+ <listitem>
+ Add a file named <literal>WEB-INF/classes/seam-jndi.properties</literal> as described in strategy 1
+ </listitem>
+ <listitem>
+ In <literal>web.xml</literal>, add the following lines (Note the different <literal>ejb-ref-name</literal> value):
+ <programlisting role="XML"><![CDATA[<ejb-local-ref>
<ejb-ref-name>ejblocal:EjbSynchronizations</ejb-ref-name>
<ejb-ref-type>Session</ejb-ref-type>
<local-home></local-home>
<local>org.jboss.seam.transaction.LocalEjbSynchronizations</local>
</ejb-local-ref>]]></programlisting>
- </para>
- </listitem>
- </itemizedlist>
- </para>
+ </listitem>
+ </itemizedlist>
<para>
Compared to the first strategy, this strategy requires to maintain an extra file
(<literal>META-INF/ibm-ejb-jar-ext.xml</literal>),
@@ -285,9 +273,7 @@
<programlisting role="XML"><![CDATA[<core:init jndi-name="java:comp/env/#{ejbName}" />]]></programlisting>
</listitem>
<listitem>
- <para>
- Follow the instructions in <xref linkend="config.integration.ejb.container"/> to declare the references from web to EJB and from EJB to EJB
- </para>
+ Follow the instructions in <xref linkend="config.integration.ejb.container"/> to declare the references from web to EJB and from EJB to EJB
</listitem>
</itemizedlist>
<para>
@@ -302,7 +288,6 @@
<section id="websphere-timeout-section">
<title>Configuring timeouts for Stateful Session Beans</title>
- <para>
A timeout value has to be set for each stateful session bean used in the application because stateful bean must not expire in WebSphere while Seam
might still need them.
At the time of writing this document, WebSphere does not provide a way to configure a global timeout at neither the cluster,
@@ -320,7 +305,6 @@
<session name="ChangePasswordAction"><time-out value="605"/></session>
</ejb-jar-ext>]]></programlisting>
- </para>
<para>
The <literal>time-out</literal> is expressed in seconds and must be higher than the Seam conversation expiration timeout
and a few minutes higher than the user's HTTP session timeout (The session expiration timeout can trigger a few minutes
@@ -363,16 +347,14 @@
The steps below are for the WAS version stated above.The ports are the default values, if you changed them, you must substitute the values.
<orderedlist>
<listitem>
- Log in to the administration console
- <programlisting><![CDATA[http://localhost:9060/admin]]></programlisting>
- Enter your userid annd/or your password if security is enabled for the console.
+ Log in to the administration console
+ <programlisting><![CDATA[http://localhost:9060/admin]]></programlisting>
+ Enter your userid annd/or your password if security is enabled for the console.
</listitem>
<listitem>
- <para>
- Go to the <literal>WebSphere enterprise applications</literal> menu option under the <literal>Applications --> Application Type</literal>
- left side menu.
- </para>
+ Go to the <literal>WebSphere enterprise applications</literal> menu option under the <literal>Applications --> Application Type</literal>
+ left side menu.
</listitem>
<listitem>
@@ -414,7 +396,7 @@
<itemizedlist>
<listitem>
<para>
- Select the <literal>Deploy enterprise beans and Allow EJB reference targets to resolve automatically</literal>
+ Select the "<literal>Allow EJB reference targets to resolve automatically</literal>"
check boxes at the bottom of the page. This will let WebSphere use its simplified JNDI reference mapping.
</para>
</listitem>
Seam SVN: r13330 - in modules/security/trunk/examples/idmconsole/src/main: webapp/WEB-INF and 1 other directory.
by seam-commits@lists.jboss.org
Author: shane.bryzak(a)jboss.com
Date: 2010-07-05 20:04:23 -0400 (Mon, 05 Jul 2010)
New Revision: 13330
Added:
modules/security/trunk/examples/idmconsole/src/main/java/org/jboss/seam/security/examples/idmconsole/model/IdentityPermission.java
Modified:
modules/security/trunk/examples/idmconsole/src/main/webapp/WEB-INF/beans.xml
Log:
initial config for acl based permissions
Added: modules/security/trunk/examples/idmconsole/src/main/java/org/jboss/seam/security/examples/idmconsole/model/IdentityPermission.java
===================================================================
--- modules/security/trunk/examples/idmconsole/src/main/java/org/jboss/seam/security/examples/idmconsole/model/IdentityPermission.java (rev 0)
+++ modules/security/trunk/examples/idmconsole/src/main/java/org/jboss/seam/security/examples/idmconsole/model/IdentityPermission.java 2010-07-06 00:04:23 UTC (rev 13330)
@@ -0,0 +1,129 @@
+package org.jboss.seam.security.examples.idmconsole.model;
+
+import java.io.Serializable;
+
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.Id;
+import javax.persistence.ManyToOne;
+import javax.validation.constraints.NotNull;
+
+/**
+ * This entity stores ACL permissions
+ *
+ * @author Shane Bryzak
+ */
+@Entity
+public class IdentityPermission implements Serializable
+{
+ private static final long serialVersionUID = -5366058398015495583L;
+
+ private Long id;
+ private IdentityObject identityObject;
+ private IdentityObjectRelationshipType relationshipType;
+ private String relationshipName;
+ private String resource;
+ private String permission;
+
+ /**
+ * Surrogate primary key value of the permission.
+ * @return
+ */
+ @Id @GeneratedValue
+ public Long getId()
+ {
+ return id;
+ }
+
+ public void setId(Long id)
+ {
+ this.id = id;
+ }
+
+ /**
+ * Either the specific identity object for which this permission is granted,
+ * or in the case of a permission granted against a group, this property
+ * then represents the "to" side of the group relationship. Required field.
+ *
+ * @return
+ */
+ @NotNull @ManyToOne
+ public IdentityObject getIdentityObject()
+ {
+ return identityObject;
+ }
+
+ public void setIdentityObject(IdentityObject identityObject)
+ {
+ this.identityObject = identityObject;
+ }
+
+ /**
+ * If this permission is granted to a group of identities, then this property may
+ * be used to indicate the relationship type of the group membership. For example,
+ * a group or role relationship. It is possible that the permission may also be
+ * granted to identities that have *any* sort of membership within a group, in
+ * which case this property would be null.
+ *
+ * @return
+ */
+ @ManyToOne
+ public IdentityObjectRelationshipType getRelationshipType()
+ {
+ return relationshipType;
+ }
+
+ public void setRelationshipType(IdentityObjectRelationshipType relationshipType)
+ {
+ this.relationshipType = relationshipType;
+ }
+
+ /**
+ * If this permission is granted to a group of identities, then this property
+ * may be used to indicate the name for named relationships, such as role
+ * memberships.
+ *
+ * @return
+ */
+ public String getRelationshipName()
+ {
+ return relationshipName;
+ }
+
+ public void setRelationshipName(String relationshipName)
+ {
+ this.relationshipName = relationshipName;
+ }
+
+ /**
+ * The unique identifier for the resource for which permission is granted
+ *
+ * @return
+ */
+ public String getResource()
+ {
+ return resource;
+ }
+
+ public void setResource(String resource)
+ {
+ this.resource = resource;
+ }
+
+ /**
+ * The permission(s) granted for the resource. May either be a comma-separated
+ * list of permission names (such as create, delete, etc) or a bitmasked
+ * integer value, in which each bit represents a different permission.
+ *
+ * @return
+ */
+ public String getPermission()
+ {
+ return permission;
+ }
+
+ public void setPermission(String permission)
+ {
+ this.permission = permission;
+ }
+}
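Review bot: `getResource()` and `getPermission()` carry no `@NotNull`, so an ACL row can be persisted with no resource or no permission string, while `getIdentityObject()` is the only property marked as required. How the permission store reads such a row is not visible here, so it is safer to reject it at validation time: add `@NotNull` above both getters (the import is already present). The `permission` Javadoc also allows two encodings in one column (comma-separated names or a bitmasked integer) without saying how a reader tells them apart; state the rule there or pick one encoding. The empty `@return` tags can be filled in or dropped.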
Modified: modules/security/trunk/examples/idmconsole/src/main/webapp/WEB-INF/beans.xml
===================================================================
--- modules/security/trunk/examples/idmconsole/src/main/webapp/WEB-INF/beans.xml 2010-07-05 07:12:38 UTC (rev 13329)
+++ modules/security/trunk/examples/idmconsole/src/main/webapp/WEB-INF/beans.xml 2010-07-06 00:04:23 UTC (rev 13330)
@@ -5,7 +5,15 @@
-->
<beans xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:s="urn:java:seam:core"
+ xmlns:perm="org.jboss.seam.security.permission"
xsi:schemaLocation="
http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/beans_1_0.xsd">
+
+ <perm:JpaPermissionStore>
+ <s:specializes/>
+
+ <perm:identityPermissionClass>org.jboss.seam.security.examples.idmconsole.model.IdentityPermission</perm:identityPermissionClass>
+ </perm:JpaPermissionStore>
</beans>
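Review bot: The `perm` prefix is bound to `org.jboss.seam.security.permission` without the `urn:java:` scheme that the `s` prefix on the line above uses (`urn:java:seam:core`). If the XML configuration extension maps elements to packages through that scheme, as the `s` binding suggests, `<perm:JpaPermissionStore>` would not resolve and the store would run without `identityPermissionClass` set. I would write `xmlns:perm="urn:java:org.jboss.seam.security.permission"` and confirm at startup that the specialized store is the one in use.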
Seam SVN: r13329 - in modules/security/trunk: examples/idmconsole/src/main/resources and 5 other directories.
by seam-commits@lists.jboss.org
Author: shane.bryzak(a)jboss.com
Date: 2010-07-05 03:12:38 -0400 (Mon, 05 Jul 2010)
New Revision: 13329
Modified:
modules/security/trunk/examples/idmconsole/src/main/java/org/jboss/seam/security/examples/idmconsole/action/EntityManagerProducer.java
modules/security/trunk/examples/idmconsole/src/main/resources/import.sql
modules/security/trunk/examples/idmconsole/src/main/webapp/manageusers.xhtml
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/IdentityImpl.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/JpaIdentityStore.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/action/UserAction.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/PermissionMapper.java
Log:
reenable permission authorization
Modified: modules/security/trunk/examples/idmconsole/src/main/java/org/jboss/seam/security/examples/idmconsole/action/EntityManagerProducer.java
===================================================================
--- modules/security/trunk/examples/idmconsole/src/main/java/org/jboss/seam/security/examples/idmconsole/action/EntityManagerProducer.java 2010-07-05 01:42:00 UTC (rev 13328)
+++ modules/security/trunk/examples/idmconsole/src/main/java/org/jboss/seam/security/examples/idmconsole/action/EntityManagerProducer.java 2010-07-05 07:12:38 UTC (rev 13329)
@@ -1,16 +1,14 @@
package org.jboss.seam.security.examples.idmconsole.action;
-import javax.enterprise.context.RequestScoped;
+import javax.enterprise.context.ConversationScoped;
import javax.enterprise.inject.Produces;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
+import org.jboss.seam.drools.qualifiers.Stateless;
+
+@Stateless
public class EntityManagerProducer
{
- @PersistenceContext(unitName = "idmconsoleDatabase") EntityManager entityManager;
-
- public @Produces @RequestScoped EntityManager produceEntityManager()
- {
- return entityManager;
- }
+ @Produces @ConversationScoped @PersistenceContext(unitName = "idmconsoleDatabase") EntityManager entityManager;
}
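Review bot: The `@Stateless` on the class is imported from `org.jboss.seam.drools.qualifiers`, which looks like an IDE auto-import picked in place of `javax.ejb.Stateless`. A qualifier from the Drools module would not make this class a session bean, and it adds a dependency on that module to the example. If an EJB was intended, change the import to `import javax.ejb.Stateless;`; if not, drop the annotation. The producer field is also now conversation-scoped, so a one-line comment on why the entity manager must outlive the request would help the next reader.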
Modified: modules/security/trunk/examples/idmconsole/src/main/resources/import.sql
===================================================================
--- modules/security/trunk/examples/idmconsole/src/main/resources/import.sql 2010-07-05 01:42:00 UTC (rev 13328)
+++ modules/security/trunk/examples/idmconsole/src/main/resources/import.sql 2010-07-05 07:12:38 UTC (rev 13329)
@@ -2,8 +2,10 @@
insert into IdentityObjectType(id, name) values (2, 'GROUP');
insert into IdentityObject (id, name, identity_object_type_id) values (1, 'shane', 1);
+insert into IdentityObject (id, name, identity_object_type_id) values (2, 'demo', 1);
insert into IdentityObjectCredentialType (id, name) values (1, 'PASSWORD');
insert into IdentityObjectCredential (id, identity_object_id, credential_type_id, value) values (1, 1, 1, 'password');
+insert into IdentityObjectCredential (id, identity_object_id, credential_type_id, value) values (2, 2, 1, 'demo');
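Review bot: The new `demo` account is seeded with the credential value `demo` stored as plain text, next to the existing `shane` / `password` row. That is convenient for an example, but this commit also switches permission checks back on, so these rows are now the accounts that gate the console. Add a header comment such as `-- Example-only accounts with well-known passwords; replace before deploying anywhere reachable`, and, if the identity store supports hashed credentials, seed the hashed form instead.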
Modified: modules/security/trunk/examples/idmconsole/src/main/webapp/manageusers.xhtml
===================================================================
--- modules/security/trunk/examples/idmconsole/src/main/webapp/manageusers.xhtml 2010-07-05 01:42:00 UTC (rev 13328)
+++ modules/security/trunk/examples/idmconsole/src/main/webapp/manageusers.xhtml 2010-07-05 07:12:38 UTC (rev 13329)
@@ -47,7 +47,7 @@
<h:commandLink id="edit" value="Edit" action="#{userAction.editUser(user.username)}"/>
<span> | </span>
</ui:fragment>
- <h:link id="delete" value="Delete" action="#{identityManager.deleteUser(userSearch.selectedUser)}"
+ <h:link id="delete" value="Delete" action="#{userAction.deleteUser(user.username)}"
rendered="#{identity.hasPermission('seam.user', 'delete')}"
onclick="return confirmDelete()"/>
</h:column>
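Review bot: The delete control stays an `<h:link>`, which in JSF 2 renders a plain GET link and takes an `outcome`, not an `action`, so the new `#{userAction.deleteUser(user.username)}` expression is unlikely to be invoked as an action. The Edit control a few lines up is an `<h:commandLink>`, which posts the form; delete should be the same: `<h:commandLink id="delete" value="Delete" action="#{userAction.deleteUser(user.username)}"`. A state-changing operation should also not be reachable by GET. Note that `rendered="#{identity.hasPermission('seam.user', 'delete')}"` only hides the link, so the permission has to be enforced again on the server side.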
Modified: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/IdentityImpl.java
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/IdentityImpl.java 2010-07-05 01:42:00 UTC (rev 13328)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/IdentityImpl.java 2010-07-05 07:12:38 UTC (rev 13329)
@@ -637,14 +637,12 @@
public boolean hasPermission(Object target, String action)
{
- return true;
- /*
if (!securityEnabled) return true;
if (systemOp != null && Boolean.TRUE.equals(systemOp.get())) return true;
if (permissionMapper == null) return false;
if (target == null) return false;
- return permissionMapper.resolvePermission(target, action);*/
+ return permissionMapper.resolvePermission(target, action);
}
public String getJaasConfigName()
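Review bot: `hasPermission` has no comment recording its decision order, and that order is what a reader has to trust now that the stubbed `return true` is gone. I would add a Javadoc stating that the check is skipped when security is disabled or a system operation is in progress, and that it otherwise denies when `permissionMapper` or `target` is null. A null `action` is passed straight to `resolvePermission`; whether resolvers tolerate that is not visible in this hunk. A test that asserts a denial for a user with no grants would keep the stub from coming back unnoticed.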
Modified: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/JpaIdentityStore.java
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/JpaIdentityStore.java 2010-07-05 01:42:00 UTC (rev 13328)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/JpaIdentityStore.java 2010-07-05 07:12:38 UTC (rev 13329)
@@ -895,12 +895,15 @@
return createIdentityObject(invocationCtx, name, identityObjectType, null);
}
- protected Object lookupIdentityType(String identityType, EntityManager em) throws IdentityException
+ protected Object lookupIdentityType(String identityType, EntityManager em)
{
try
{
Property<Object> typeNameProp = modelProperties.get(PROPERTY_IDENTITY_TYPE_NAME);
+ // If there is no identity type table, just return the name
+ if (typeNameProp == null) return identityType;
+
Object val = em.createQuery(
"select t from " + typeNameProp.getDeclaringClass().getName() +
" t where t." + typeNameProp.getName() +
@@ -911,7 +914,7 @@
}
catch (NoResultException ex)
{
- throw new IdentityException("Could not determine identity type [" + identityType + "]");
+ return null;
}
}
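Review bot: Returning `null` from the `NoResultException` branch turns an unknown identity type into a silent value that every caller must handle, where the removed code raised `IdentityException`. The later hunk in `lookupIdentity` passes the result straight into `builder.equal(root.get(identityTypeProp.getName()), ...)`, so an unknown type becomes a comparison with null and the failure likely surfaces later as an unchecked exception from the query or as no match. Either keep the `IdentityException` here, or document the null return in a Javadoc and check it at each call site. That later hunk also leaves `// TODO add criteria for identity type` in place although the criterion is now added. The method body starts and ends outside these hunks.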
@@ -982,13 +985,13 @@
}
else
{
- type.setValue(relationship, lookupRelationshipType(relationshipType));
+ type.setValue(relationship, lookupRelationshipType(relationshipType, em));
}
modelProperties.get(PROPERTY_RELATIONSHIP_NAME).setValue(relationship,
relationshipName);
- //entityManagerInstance.get().persist(relationship);
+ em.persist(relationship);
return new IdentityObjectRelationshipImpl(fromIdentity, toIdentity,
relationshipName, relationshipType);
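Review bot: `em.persist(relationship)` is now live while `lookupRelationshipType(relationshipType, em)` appears to be a stub: revision 13328 further down this page shows its body as `// TODO implement` followed by `return null;`. If that is still the case at this revision, every relationship that reaches the `else` branch is stored with a null type, and role or group membership rows written this way cannot be told apart later. I would implement the lookup before enabling the persist, or fail with `IdentityException` when the lookup returns null. The enclosing method starts and ends outside the hunk.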
@@ -1002,6 +1005,7 @@
protected Object lookupIdentity(IdentityObject obj, EntityManager em)
{
Property<?> identityNameProp = modelProperties.get(PROPERTY_IDENTITY_NAME);
+ Property<?> identityTypeProp = modelProperties.get(PROPERTY_IDENTITY_TYPE);
CriteriaBuilder builder = em.getCriteriaBuilder();
CriteriaQuery<?> criteria = builder.createQuery(identityClass);
@@ -1009,6 +1013,7 @@
List<Predicate> predicates = new ArrayList<Predicate>();
predicates.add(builder.equal(root.get(identityNameProp.getName()), obj.getName()));
+ predicates.add(builder.equal(root.get(identityTypeProp.getName()), lookupIdentityType(obj.getIdentityType().getName(), em)));
// TODO add criteria for identity type
@@ -1127,18 +1132,16 @@
CriteriaBuilder builder = em.getCriteriaBuilder();
CriteriaQuery<?> criteria = builder.createQuery(identityClass);
- Root<?> root = criteria.from(identityClass);
+ //Root<?> root = criteria.from(identityClass);
+
+ Property<?> identityNameProp = modelProperties.get(PROPERTY_IDENTITY_NAME);
+
List<Predicate> predicates = new ArrayList<Predicate>();
- //predicates.add(builder.equal(root.get(credentialIdentity.getName()),
- //lookupIdentity(identityObject, em)));
-
criteria.where(predicates.toArray(new Predicate[0]));
List<?> results = em.createQuery(criteria).getResultList();
-
- Property<?> identityNameProp = modelProperties.get(PROPERTY_IDENTITY_NAME);
-
+
Property<?> typeProp = modelProperties.get(PROPERTY_IDENTITY_TYPE);
Property<?> typeNameProp = modelProperties.get(PROPERTY_IDENTITY_TYPE_NAME);
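Review bot: With `criteria.from(identityClass)` commented out, the `CriteriaQuery` handed to `em.createQuery(criteria)` has no root, which JPA providers generally reject when the query is built or executed. The `predicates` list is also empty at `criteria.where(...)`, so even with a root the query would return every identity. Restore `Root<?> root = criteria.from(identityClass);` and add the intended predicate, or delete the criteria code until it is needed, instead of leaving the commented-out line. The enclosing method starts and ends outside the hunk, so any later filtering on `typeProp` is not visible here.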
Modified: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/action/UserAction.java
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/action/UserAction.java 2010-07-05 01:42:00 UTC (rev 13328)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/action/UserAction.java 2010-07-05 07:12:38 UTC (rev 13329)
@@ -52,6 +52,11 @@
enabled = identityManager.isUserEnabled(username);
newUserFlag = false;
}
+
+ public void deleteUser(String username)
+ {
+ identityManager.deleteUser(username);
+ }
public String save()
{
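Review bot: `deleteUser` forwards a caller-supplied `username` to `identityManager.deleteUser` with no permission check of its own; the only check visible on this page is the `rendered` attribute in `manageusers.xhtml`, which controls display, not invocation. Unless `identityManager.deleteUser` enforces the `seam.user` / `delete` permission itself (not visible here), the method should verify it before deleting. A Javadoc on the method should say which permission is required.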
Modified: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/PermissionMapper.java
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/PermissionMapper.java 2010-07-05 01:42:00 UTC (rev 13328)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/PermissionMapper.java 2010-07-05 07:12:38 UTC (rev 13329)
@@ -24,19 +24,30 @@
@ApplicationScoped
public class PermissionMapper implements Serializable
{
- public static final String DEFAULT_RESOLVER_CHAIN_CREATED = "org.jboss.seam.security.defaultResolverChainCreated";
+ private static final long serialVersionUID = 7692687882996064772L;
+
+ private Map<Class<?>,Map<String,String>> resolverChains = new HashMap<Class<?>,Map<String,String>>();
- private Map<Class,Map<String,String>> resolverChains = new HashMap<Class,Map<String,String>>();
+ private List<PermissionResolver> defaultResolverChain;
- private String defaultResolverChain;
-
- private static final String DEFAULT_RESOLVER_CHAIN = "org.jboss.seam.security.defaultResolverChain";
-
@Inject BeanManager manager;
+ @Inject
+ public void init()
+ {
+ defaultResolverChain = new ArrayList<PermissionResolver>();
+
+ Set<Bean<?>> beans = manager.getBeans(PermissionResolver.class);
+ for (Bean<?> resolverBean : beans)
+ {
+ defaultResolverChain.add((PermissionResolver) manager.getReference(
+ resolverBean, PermissionResolver.class, manager.createCreationalContext(resolverBean)));
+ }
+ }
+
private List<PermissionResolver> getResolvers(Object target, String action)
{
- Class<?> targetClass = null;
+ /*Class<?> targetClass = null;
if (target instanceof Class)
{
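Review bot: `init()` is a public `@Inject` initializer on an `@ApplicationScoped` bean, so any caller holding the mapper can invoke it again and swap `defaultResolverChain` while other requests are reading it. I would make it a non-public `@PostConstruct` method, fill a local list and publish it once, e.g. `defaultResolverChain = Collections.unmodifiableList(resolvers);`. The field is also a non-transient list of contextual references in a `Serializable` class, and the creational contexts obtained from `manager.createCreationalContext(resolverBean)` are never released. The following hunk leaves the `targetClass` code commented out in `getResolvers`, which now ignores `target` and `action`; a comment saying that every resolver is consulted for every check would make that explicit.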
@@ -47,26 +58,10 @@
// TODO target may be a component name, or an object, or a view name (or arbitrary name) -
// we need to deal with all of these possibilities
}
-
- // TODO configure resolver chains differently - scan for all beans of type ResolverChain
-
- /*
- if (targetClass != null)
- {
- Map<String,String> chains = resolverChains.get(target);
- if (chains != null && chains.containsKey(action))
- {
- return (ResolverChain) BeanManagerHelper.getInstanceByName(manager, chains.get(action));
- }
- }
-
- if (defaultResolverChain != null && !"".equals(defaultResolverChain))
- {
- return (ResolverChain) BeanManagerHelper.getInstanceByName(manager,defaultResolverChain);
- }
*/
-
- return createDefaultResolverChain();
+ // TODO more customisation of resolver chains
+
+ return defaultResolverChain;
}
public boolean resolvePermission(Object target, String action)
@@ -83,11 +78,11 @@
return false;
}
- public void filterByPermission(Collection collection, String action)
+ public void filterByPermission(Collection<?> collection, String action)
{
boolean homogenous = true;
- Class targetClass = null;
+ Class<?> targetClass = null;
for (Object target : collection)
{
if (targetClass == null) targetClass = target.getClass();
@@ -114,7 +109,7 @@
}
else
{
- Map<Class,Set<Object>> deniedByClass = new HashMap<Class,Set<Object>>();
+ Map<Class<?>,Set<Object>> deniedByClass = new HashMap<Class<?>,Set<Object>>();
for (Object obj : collection)
{
if (!deniedByClass.containsKey(obj.getClass()))
@@ -129,7 +124,7 @@
}
}
- for (Class cls : deniedByClass.keySet())
+ for (Class<?> cls : deniedByClass.keySet())
{
Set<Object> denied = deniedByClass.get(cls);
List<PermissionResolver> resolvers = getResolvers(cls, action);
@@ -145,17 +140,4 @@
}
}
}
-
- @Produces public @SessionScoped List<PermissionResolver> createDefaultResolverChain()
- {
- List<PermissionResolver> resolvers = new ArrayList<PermissionResolver>();
-
- Set<Bean<?>> beans = manager.getBeans(PermissionResolver.class);
- for (Bean<?> resolverBean : beans)
- {
- resolvers.add((PermissionResolver) manager.getReference(resolverBean, PermissionResolver.class, manager.createCreationalContext(resolverBean)));
- }
-
- return resolvers;
- }
}
Seam SVN: r13328 - modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management.
by seam-commits@lists.jboss.org
Author: shane.bryzak(a)jboss.com
Date: 2010-07-04 21:42:00 -0400 (Sun, 04 Jul 2010)
New Revision: 13328
Modified:
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/JpaIdentityStore.java
Log:
implemented remove methods
Modified: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/JpaIdentityStore.java
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/JpaIdentityStore.java 2010-07-05 00:36:47 UTC (rev 13327)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/JpaIdentityStore.java 2010-07-05 01:42:00 UTC (rev 13328)
@@ -1032,7 +1032,7 @@
return em.createQuery(criteria).getSingleResult();
}
- protected Object lookupRelationshipType(IdentityObjectRelationshipType relationshipType)
+ protected Object lookupRelationshipType(IdentityObjectRelationshipType relationshipType, EntityManager em)
{
// TODO implement
return null;
@@ -1228,20 +1228,58 @@
}
public void removeIdentityObject(
- IdentityStoreInvocationContext invocationCtx, IdentityObject identity)
+ IdentityStoreInvocationContext ctx, IdentityObject identity)
throws IdentityException
{
- // TODO Auto-generated method stub
+ Property<?> nameProperty = modelProperties.get(PROPERTY_IDENTITY_NAME);
+ Property<?> typeProperty = modelProperties.get(PROPERTY_IDENTITY_TYPE);
+ EntityManager em = getEntityManager(ctx);
+
+ CriteriaBuilder builder = em.getCriteriaBuilder();
+ CriteriaQuery<?> criteria = builder.createQuery(identityClass);
+ Root<?> root = criteria.from(identityClass);
+
+ List<Predicate> predicates = new ArrayList<Predicate>();
+ predicates.add(builder.equal(root.get(nameProperty.getName()),
+ identity.getName()));
+ predicates.add(builder.equal(root.get(typeProperty.getName()),
+ lookupIdentityType(identity.getIdentityType().getName(), em)));
+
+ criteria.where(predicates.toArray(new Predicate[0]));
+
+ Object instance = em.createQuery(criteria).getSingleResult();
+
+ em.remove(instance);
}
- public void removeRelationship(IdentityStoreInvocationContext invocationCxt,
+ public void removeRelationship(IdentityStoreInvocationContext ctx,
IdentityObject fromIdentity, IdentityObject toIdentity,
IdentityObjectRelationshipType relationshipType,
String relationshipName) throws IdentityException
{
- // TODO Auto-generated method stub
+ Property<?> fromProperty = modelProperties.get(PROPERTY_RELATIONSHIP_FROM);
+ Property<?> toProperty = modelProperties.get(PROPERTY_RELATIONSHIP_TO);
+ Property<?> relationshipTypeProp = modelProperties.get(PROPERTY_RELATIONSHIP_TYPE);
+ EntityManager em = getEntityManager(ctx);
+
+ CriteriaBuilder builder = em.getCriteriaBuilder();
+ CriteriaQuery<?> criteria = builder.createQuery(identityClass);
+ Root<?> root = criteria.from(identityClass);
+
+ List<Predicate> predicates = new ArrayList<Predicate>();
+ predicates.add(builder.equal(root.get(fromProperty.getName()),
+ lookupIdentity(fromIdentity, em)));
+ predicates.add(builder.equal(root.get(toProperty.getName()),
+ lookupIdentity(toIdentity, em)));
+ predicates.add(builder.equal(root.get(relationshipTypeProp.getName()),
+ lookupRelationshipType(relationshipType, em)));
+
+ criteria.where(predicates.toArray(new Predicate[0]));
+
+ Object relationship = em.createQuery(criteria).getSingleResult();
+ em.remove(relationship);
}
public String removeRelationshipName(IdentityStoreInvocationContext ctx,
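Review bot: `removeRelationship` builds its query with `builder.createQuery(identityClass)` and `criteria.from(identityClass)`, yet the predicates use the relationship properties (`PROPERTY_RELATIONSHIP_FROM`, `PROPERTY_RELATIONSHIP_TO`, `PROPERTY_RELATIONSHIP_TYPE`); this looks copied from `removeIdentityObject` and should target the relationship entity class, whose field name is not visible in this hunk. `relationshipName` is not part of the predicates, so two named relationships between the same identities match the same query and `getSingleResult()` throws. Both methods declare `throws IdentityException` but let `NoResultException` and `NonUniqueResultException` escape unchecked; catching them and rethrowing as `IdentityException` would keep the contract. `removeIdentityObject` also removes the identity row without touching its credentials or relationships, which may be intended but deserves a comment.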
Seam SVN: r13327 - in modules/security/trunk: examples/idmconsole/src/main/java/org/jboss/seam/security/examples/idmconsole/action and 5 other directories.
by seam-commits@lists.jboss.org
Author: shane.bryzak(a)jboss.com
Date: 2010-07-04 20:36:47 -0400 (Sun, 04 Jul 2010)
New Revision: 13327
Added:
modules/security/trunk/examples/idmconsole/src/main/webapp/userdetail.xhtml
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/action/UserDTO.java
Modified:
modules/security/trunk/examples/idmconsole/pom.xml
modules/security/trunk/examples/idmconsole/src/main/java/org/jboss/seam/security/examples/idmconsole/action/EntityManagerProducer.java
modules/security/trunk/examples/idmconsole/src/main/webapp/WEB-INF/faces-config.xml
modules/security/trunk/examples/idmconsole/src/main/webapp/manageusers.xhtml
modules/security/trunk/impl/pom.xml
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/IdentityManagerImpl.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/JpaIdentityStore.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/action/UserSearch.java
Log:
example improvements, minor security module stuff
Modified: modules/security/trunk/examples/idmconsole/pom.xml
===================================================================
--- modules/security/trunk/examples/idmconsole/pom.xml 2010-07-02 12:58:29 UTC (rev 13326)
+++ modules/security/trunk/examples/idmconsole/pom.xml 2010-07-05 00:36:47 UTC (rev 13327)
@@ -60,6 +60,22 @@
</exclusions>
</dependency>
+ <dependency>
+ <groupId>org.jboss.seam</groupId>
+ <artifactId>seam-persistence</artifactId>
+ <version>3.0.0-SNAPSHOT</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-api</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.hibernate</groupId>
+ <artifactId>hibernate-core</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+
<!-- CDI (JSR-299) -->
<dependency>
<groupId>javax.enterprise</groupId>
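Review bot: The added `seam-persistence` dependency carries an inline `3.0.0-SNAPSHOT` version, and the same literal is repeated in the impl/pom.xml hunk of this commit. A SNAPSHOT coordinate resolves to whatever was deployed last, so two builds of the same revision can pull different code. If the parent POM has a `dependencyManagement` section (not visible here), declaring the version once there and dropping `<version>` from both modules keeps them on the same artifact. It also leaves one place to pin a release version later.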
Modified: modules/security/trunk/examples/idmconsole/src/main/java/org/jboss/seam/security/examples/idmconsole/action/EntityManagerProducer.java
===================================================================
--- modules/security/trunk/examples/idmconsole/src/main/java/org/jboss/seam/security/examples/idmconsole/action/EntityManagerProducer.java 2010-07-02 12:58:29 UTC (rev 13326)
+++ modules/security/trunk/examples/idmconsole/src/main/java/org/jboss/seam/security/examples/idmconsole/action/EntityManagerProducer.java 2010-07-05 00:36:47 UTC (rev 13327)
@@ -7,7 +7,7 @@
public class EntityManagerProducer
{
- @PersistenceContext EntityManager entityManager;
+ @PersistenceContext(unitName = "idmconsoleDatabase") EntityManager entityManager;
public @Produces @RequestScoped EntityManager produceEntityManager()
{
Modified: modules/security/trunk/examples/idmconsole/src/main/webapp/WEB-INF/faces-config.xml
===================================================================
--- modules/security/trunk/examples/idmconsole/src/main/webapp/WEB-INF/faces-config.xml 2010-07-02 12:58:29 UTC (rev 13326)
+++ modules/security/trunk/examples/idmconsole/src/main/webapp/WEB-INF/faces-config.xml 2010-07-05 00:36:47 UTC (rev 13327)
@@ -1,5 +1,4 @@
<?xml version="1.0" encoding="UTF-8"?>
-<!-- This file is not required if you don't need any extra configuration. -->
<faces-config version="2.0"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
@@ -7,6 +6,33 @@
http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-facesconfig_2_0.xsd">
- <!-- Write your navigation rules here. You are encouraged to use CDI for creating @Named managed beans. -->
+ <name>idmconsole</name>
+
+ <navigation-rule>
+ <from-view-id>/manageusers.xhtml</from-view-id>
+ <navigation-case>
+ <from-action>#{userAction.createUser}</from-action>
+ <if>#{true}</if>
+ <to-view-id>/userdetail.xhtml</to-view-id>
+ <redirect />
+ </navigation-case>
+
+ <navigation-case>
+ <from-action>#{userAction.editUser(user.username)}</from-action>
+ <if>#{true}</if>
+ <to-view-id>/userdetail.xhtml</to-view-id>
+ <redirect/>
+ </navigation-case>
+ </navigation-rule>
+
+ <navigation-rule>
+ <from-view-id>/userdetail.xhtml</from-view-id>
+ <navigation-case>
+ <from-action>#{userAction.save}</from-action>
+ <if>#{true}</if>
+ <to-view-id>/manageusers.xhtml</to-view-id>
+ <redirect />
+ </navigation-case>
+ </navigation-rule>
</faces-config>
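Review bot: The `#{userAction.save}` navigation case is unconditional: with `<if>#{true}</if>` and no `<from-outcome>`, it matches whatever the action returns, so a save that is rejected inside the action would still redirect to `/manageusers.xhtml`. Because the case uses `<redirect />`, any messages the action queued for the `<h:messages>` on the detail page would presumably be lost with the request (`userAction` is not visible here). Returning an outcome from `save` only on success, and matching it with a `<from-outcome>` element in place of the `<if>`, keeps the user on the form when the save fails. The same applies to the two cases under `/manageusers.xhtml`.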
Modified: modules/security/trunk/examples/idmconsole/src/main/webapp/manageusers.xhtml
===================================================================
--- modules/security/trunk/examples/idmconsole/src/main/webapp/manageusers.xhtml 2010-07-02 12:58:29 UTC (rev 13326)
+++ modules/security/trunk/examples/idmconsole/src/main/webapp/manageusers.xhtml 2010-07-05 00:36:47 UTC (rev 13327)
@@ -12,42 +12,47 @@
<ui:define name="content">
<h3>Manage Users</h3>
- <h:button id="newUser" action="#{userAction.createUser}" styleClass="newuser" rendered="#{identity.hasPermission('seam.account', 'create')}"/>
-
- <h:dataTable
- id="threads"
- value="#{userSearch.users}"
- var="user"
- styleClass="security"
- cellspacing="0"
- headerClass="header"
- rowClasses="odd,even"
- columnClasses=",,enabled,action">
- <h:column width="auto">
- <f:facet name="header">
- User name
- </f:facet>
- #{user}
- </h:column>
- <h:column id="enabled" width="auto">
- <f:facet name="header">
- Enabled
- </f:facet>
- <div class="#{identityManager.isUserEnabled(user) ? 'checkmark' : 'cross'}"/>
- </h:column>
- <h:column id="action" width="auto">
- <f:facet name="header">
- Action
- </f:facet>
-
- <ui:fragment rendered="#{identity.hasPermission('seam.user', 'update')}">
- <h:link id="edit" value="Edit" action="#{userAction.editUser(userSearch.selectedUser)}"/><span> | </span>
- </ui:fragment>
- <h:link id="delete" value="Delete" action="#{identityManager.deleteUser(userSearch.selectedUser)}"
- rendered="#{identity.hasPermission('seam.user', 'delete')}"
- onclick="return confirmDelete()"/>
- </h:column>
- </h:dataTable>
+ <h:form>
+ <h:commandButton action="#{userAction.createUser}" styleClass="newuser" rendered="#{identity.hasPermission('seam.account', 'create')}"/>
+ </h:form>
+
+ <h:form>
+ <h:dataTable
+ id="threads"
+ value="#{userSearch.users}"
+ var="user"
+ styleClass="security"
+ cellspacing="0"
+ headerClass="header"
+ rowClasses="odd,even"
+ columnClasses=",,enabled,action">
+ <h:column width="auto">
+ <f:facet name="header">
+ User name
+ </f:facet>
+ #{user.username}
+ </h:column>
+ <h:column id="enabled" width="auto">
+ <f:facet name="header">
+ Enabled
+ </f:facet>
+ <div class="#{user.enabled ? 'checkmark' : 'cross'}"/>
+ </h:column>
+ <h:column id="action" width="auto">
+ <f:facet name="header">
+ Action
+ </f:facet>
+
+ <ui:fragment rendered="#{identity.hasPermission('seam.user', 'update')}">
+ <h:commandLink id="edit" value="Edit" action="#{userAction.editUser(user.username)}"/>
+ <span> | </span>
+ </ui:fragment>
+ <h:link id="delete" value="Delete" action="#{identityManager.deleteUser(userSearch.selectedUser)}"
+ rendered="#{identity.hasPermission('seam.user', 'delete')}"
+ onclick="return confirmDelete()"/>
+ </h:column>
+ </h:dataTable>
+ </h:form>
<br style="clear:both"/>
Added: modules/security/trunk/examples/idmconsole/src/main/webapp/userdetail.xhtml
===================================================================
--- modules/security/trunk/examples/idmconsole/src/main/webapp/userdetail.xhtml (rev 0)
+++ modules/security/trunk/examples/idmconsole/src/main/webapp/userdetail.xhtml 2010-07-05 00:36:47 UTC (rev 13327)
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<ui:composition xmlns="http://www.w3.org/1999/xhtml"
+ xmlns:ui="http://java.sun.com/jsf/facelets"
+ xmlns:f="http://java.sun.com/jsf/core"
+ xmlns:h="http://java.sun.com/jsf/html"
+ template="/WEB-INF/templates/default.xhtml">
+
+ <ui:define name="sidebar">
+ <ui:include src="menu.xhtml"/>
+ </ui:define>
+
+ <ui:define name="content">
+
+ <div id="contentMain">
+
+ <h2>User Details</h2>
+
+ <h:messages globalOnly="true"/>
+
+ <h:form id="user">
+
+ <div class="formRow">
+ <h:outputLabel for="firstname" value="First name" styleClass="formLabel"/>
+ <h:inputText id="firstname" value="#{userAction.firstname}"/>
+ <div class="validationError"><h:message for="firstname"/></div>
+ </div>
+
+ <div class="formRow">
+ <h:outputLabel for="lastname" value="Last name" styleClass="formLabel"/>
+ <h:inputText id="lastname" value="#{userAction.lastname}"/>
+ <div class="validationError"><h:message for="lastname"/></div>
+ </div>
+
+ <div class="formRow">
+ <h:outputLabel for="username" value="Username" styleClass="formLabel"/>
+ <h:inputText id="username" value="#{userAction.username}"/>
+ <div class="validationError"><h:message for="username"/></div>
+ </div>
+
+ <div class="formRow">
+ <h:outputLabel for="password" value="Password" styleClass="formLabel"/>
+ <h:inputSecret id="password" value="#{userAction.password}"/>
+ <div class="validationError"><h:message for="password"/></div>
+ </div>
+
+ <div class="formRow">
+ <h:outputLabel for="confirm" value="Confirm password" styleClass="formLabel"/>
+ <h:inputSecret id="confirm" value="#{userAction.confirm}"/>
+ </div>
+
+ <div class="formRow">
+ <h:outputLabel for="roles" value="Member of" styleClass="formLabel"/>
+ <div class="selectMany">
+ <h:selectManyCheckbox id="roles" value="#{userAction.roles}" layout="pageDirection" styleClass="roles">
+ <!--s:selectItems value="#{identityManager.listGrantableRoles}" var="role" label="#{role}"/-->
+ </h:selectManyCheckbox>
+ </div>
+ <div class="validationError"><h:message for="roles"/></div>
+ </div>
+
+ <div class="formRow">
+ <h:outputLabel for="enabled" value="Account enabled" styleClass="formLabel"/>
+ <h:selectBooleanCheckbox id="enabled" value="#{userAction.enabled}"/>
+ </div>
+
+ <div class="formButtons">
+ <h:commandButton id="save" value="Save" action="#{userAction.save}" styleClass="formButton"/>
+ <h:commandButton id="cancel" view="/usermanager.xhtml" value="Cancel" styleClass="formButton"/>
+ </div>
+
+ <br class="clear"/>
+
+ </h:form>
+
+ </div>
+
+ </ui:define>
+
+</ui:composition>
+
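Review bot: Nothing on this page tests a permission before the form is rendered or `#{userAction.save}` is invoked, and the page is addressable directly as `/userdetail.xhtml`, so the `rendered` guards on manageusers.xhtml do not protect it. The form sets the username, password, role membership and enabled flag, so `userAction.save` (not visible here) needs to enforce the same permissions the list page tests. Wrapping the form in `<ui:fragment rendered="#{identity.hasPermission('seam.user', 'update')}">` helps the UI but is not a substitute. Separately, the Cancel button uses a `view` attribute pointing at `/usermanager.xhtml`, whereas the list page in this commit is `/manageusers.xhtml`, and an `h:commandButton` would also submit and validate the form. `<h:button id="cancel" outcome="/manageusers.xhtml" value="Cancel" styleClass="formButton"/>` avoids both.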
Modified: modules/security/trunk/impl/pom.xml
===================================================================
--- modules/security/trunk/impl/pom.xml 2010-07-02 12:58:29 UTC (rev 13326)
+++ modules/security/trunk/impl/pom.xml 2010-07-05 00:36:47 UTC (rev 13327)
@@ -81,6 +81,13 @@
</dependency>
<dependency>
+ <groupId>org.jboss.seam</groupId>
+ <artifactId>seam-persistence</artifactId>
+ <version>3.0.0-SNAPSHOT</version>
+ <optional>true</optional>
+ </dependency>
+
+ <dependency>
<groupId>org.picketlink.idm</groupId>
<artifactId>picketlink-idm-core</artifactId>
<exclusions>
Modified: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/IdentityManagerImpl.java
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/IdentityManagerImpl.java 2010-07-02 12:58:29 UTC (rev 13326)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/IdentityManagerImpl.java 2010-07-05 00:36:47 UTC (rev 13327)
@@ -5,10 +5,11 @@
import java.util.Collection;
import java.util.List;
-import javax.enterprise.inject.Model;
+import javax.enterprise.context.RequestScoped;
import javax.enterprise.inject.spi.BeanManager;
import javax.inject.Inject;
+import org.jboss.seam.transaction.Transactional;
import org.jboss.seam.security.Identity;
import org.jboss.seam.security.util.Strings;
import org.picketlink.idm.api.Credential;
@@ -29,7 +30,7 @@
*
* @author Shane Bryzak
*/
-@Model
+@RequestScoped @Transactional
public class IdentityManagerImpl implements IdentityManager, Serializable
{
private static final long serialVersionUID = 6864253169970552893L;
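Review bot: Replacing `@Model` with `@RequestScoped @Transactional` drops the `@Named` half of that stereotype, so the bean loses the EL name `identityManager` unless something outside this hunk supplies it. manageusers.xhtml in this same commit still calls `#{identityManager.deleteUser(...)}` from the Delete link, which would then fail to resolve. Either keep the name with `@Named @RequestScoped @Transactional` (plus `import javax.inject.Named;`), or leave the identity-management bean unnamed and route the delete through a `userAction` method that performs its own permission check. The class body continues outside the hunk.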
Modified: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/JpaIdentityStore.java
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/JpaIdentityStore.java 2010-07-02 12:58:29 UTC (rev 13326)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/JpaIdentityStore.java 2010-07-05 00:36:47 UTC (rev 13327)
@@ -14,7 +14,6 @@
import javax.persistence.EntityManager;
import javax.persistence.Id;
import javax.persistence.NoResultException;
-import javax.persistence.Query;
import javax.persistence.criteria.CriteriaBuilder;
import javax.persistence.criteria.CriteriaQuery;
import javax.persistence.criteria.Predicate;
@@ -917,7 +916,7 @@
}
public IdentityObject createIdentityObject(
- IdentityStoreInvocationContext invocationCtx, String name,
+ IdentityStoreInvocationContext ctx, String name,
IdentityObjectType identityObjectType, Map<String, String[]> attributes)
throws IdentityException
{
@@ -935,19 +934,20 @@
else
{
typeProp.setValue(identityInstance, lookupIdentityType(identityObjectType.getName(),
- getEntityManager(invocationCtx)));
+ getEntityManager(ctx)));
}
//beanManager.fireEvent(new PrePersistUserEvent(identityInstance));
- //entityManagerInstance.get().persist(identityInstance);
+ getEntityManager(ctx).persist(identityInstance);
//beanManager.fireEvent(new UserCreatedEvent(identityInstance));
// TODO persist attributes
+ Object id = modelProperties.get(PROPERTY_IDENTITY_ID).getValue(identityInstance);
IdentityObject obj = new IdentityObjectImpl(
- modelProperties.get(PROPERTY_IDENTITY_ID).getValue(identityInstance).toString(),
+ (id != null ? id.toString() : null),
name, identityObjectType);
return obj;
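Review bot: The new `id != null ? id.toString() : null` guard lets `createIdentityObject` return an `IdentityObjectImpl` with a null id whenever no identifier has been assigned by the time `persist` returns. Callers that later resolve the object by id would then fail far from the cause. The method already declares `throws IdentityException`, so failing here is clearer: `if (id == null) throw new IdentityException("No identifier assigned for identity '" + name + "'");`. If deferred id generation is expected, call `getEntityManager(ctx).flush()` before reading the property instead. The method starts and ends outside this hunk.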
Added: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/action/UserDTO.java
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/action/UserDTO.java (rev 0)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/action/UserDTO.java 2010-07-05 00:36:47 UTC (rev 13327)
@@ -0,0 +1,32 @@
+package org.jboss.seam.security.management.action;
+
+/**
+ * Used to transfer user information to a view layer
+ *
+ * @author Shane Bryzak
+ */
+public class UserDTO
+{
+ private String username;
+ private boolean enabled;
+
+ public String getUsername()
+ {
+ return username;
+ }
+
+ public void setUsername(String username)
+ {
+ this.username = username;
+ }
+
+ public boolean isEnabled()
+ {
+ return enabled;
+ }
+
+ public void setEnabled(boolean enabled)
+ {
+ this.enabled = enabled;
+ }
+}
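Review bot: `UserDTO` is not `Serializable`, yet the UserSearch hunks in this commit store a `List<UserDTO>` as a field of a bean that imports `SessionScoped` and declares a `serialVersionUID`. If that bean is session-scoped as it appears, session passivation or replication would fail with a `NotSerializableException` once the list is populated. Declare the class as `public class UserDTO implements Serializable`, with `import java.io.Serializable;` and `private static final long serialVersionUID = 1L;`.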
Modified: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/action/UserSearch.java
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/action/UserSearch.java 2010-07-02 12:58:29 UTC (rev 13326)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/action/UserSearch.java 2010-07-05 00:36:47 UTC (rev 13327)
@@ -1,6 +1,7 @@
package org.jboss.seam.security.management.action;
import java.io.Serializable;
+import java.util.ArrayList;
import java.util.List;
import javax.enterprise.context.SessionScoped;
@@ -15,16 +16,22 @@
{
private static final long serialVersionUID = 8592034786339372510L;
- List<String> users;
-
- //@DataModelSelection
- //String selectedUser;
-
+ List<UserDTO> users;
+
@Inject IdentityManager identityManager;
@Inject public void loadUsers()
- {
- users = identityManager.findUsers(null);
+ {
+ users = new ArrayList<UserDTO>();
+
+ List<String> usernames = identityManager.findUsers(null);
+ for (String username : usernames)
+ {
+ UserDTO dto = new UserDTO();
+ dto.setUsername(username);
+ dto.setEnabled(identityManager.isUserEnabled(username));
+ users.add(dto);
+ }
}
public String getUserRoles(String username)
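Review bot: `loadUsers()` is an `@Inject` initializer, so it runs once when the bean instance is created. Since the class imports `SessionScoped`, the names and `enabled` flags copied into each `UserDTO` are presumably a per-session snapshot. After `userAction.save` redirects back to manageusers.xhtml the list would not show the new or changed account, and an account disabled elsewhere keeps its checkmark until the session ends. Consider reloading per request, for example from a request-scoped bean, or calling `loadUsers()` again after a successful save. The loop also makes one `isUserEnabled` call per user, which may be worth replacing with a bulk lookup if `IdentityManager` offers one.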
@@ -49,7 +56,7 @@
//return selectedUser;
//}
- public List<String> getUsers()
+ public List<UserDTO> getUsers()
{
return users;
}
13 years, 10 months
Seam SVN: r13326 - branches/community/Seam_2_2/examples/wiki/src/test/org/jboss/seam/wiki/test.
by seam-commits@lists.jboss.org
Author: jharting
Date: 2010-07-02 08:58:29 -0400 (Fri, 02 Jul 2010)
New Revision: 13326
Modified:
branches/community/Seam_2_2/examples/wiki/src/test/org/jboss/seam/wiki/test/DocumentFeedEntries.dbunit.xml
Log:
Get DocumentFeedTests passing again.
Modified: branches/community/Seam_2_2/examples/wiki/src/test/org/jboss/seam/wiki/test/DocumentFeedEntries.dbunit.xml
===================================================================
--- branches/community/Seam_2_2/examples/wiki/src/test/org/jboss/seam/wiki/test/DocumentFeedEntries.dbunit.xml 2010-07-01 07:29:24 UTC (rev 13325)
+++ branches/community/Seam_2_2/examples/wiki/src/test/org/jboss/seam/wiki/test/DocumentFeedEntries.dbunit.xml 2010-07-02 12:58:29 UTC (rev 13326)
@@ -7,7 +7,7 @@
FEEDENTRY_TYPE="WIKI_DOCUMENT" WIKI_COMMENT_ID="[NULL]" WIKI_DOCUMENT_ID="9"
FEEDENTRY_ID="1" AUTHOR="System Administrator"
DESCRIPTION_TYPE="html" TITLE="Four" DESCRIPTION_VALUE="<p class="wikiPara">
Testdocument Four</p>
"
- LINK="http://localhost:8080/wiki/4.lace" PUBLISHED_ON="2007-09-23 13:45:00" UPDATED_ON="2007-09-23 13:45:00" OBJ_VERSION="0"/>
+ LINK="http://localhost:8080/wiki/4.lace" PUBLISHED_ON="2010-07-02 13:45:00" UPDATED_ON="2010-07-02 13:45:00" OBJ_VERSION="0"/>
<FEED_FEEDENTRY FEED_ID="1" FEEDENTRY_ID="1"/>
<FEED_FEEDENTRY FEED_ID="2" FEEDENTRY_ID="1"/>
13 years, 10 months