Author: shane.bryzak(a)jboss.com
Date: 2008-04-28 06:58:51 -0400 (Mon, 28 Apr 2008)
New Revision: 8045
Added:
trunk/src/main/org/jboss/seam/annotations/security/permission/Identifier.java
trunk/src/main/org/jboss/seam/security/permission/ClassIdentifierStrategy.java
trunk/src/main/org/jboss/seam/security/permission/EntityIdentifierStrategy.java
trunk/src/main/org/jboss/seam/security/permission/IdentifierPolicy.java
trunk/src/main/org/jboss/seam/security/permission/IdentifierStrategy.java
Modified:
trunk/src/main/org/jboss/seam/security/permission/JpaPermissionStore.java
trunk/src/main/org/jboss/seam/security/permission/PersistentPermissionResolver.java
Log:
permission target identifiers
Added: trunk/src/main/org/jboss/seam/annotations/security/permission/Identifier.java
===================================================================
--- trunk/src/main/org/jboss/seam/annotations/security/permission/Identifier.java
(rev 0)
+++
trunk/src/main/org/jboss/seam/annotations/security/permission/Identifier.java 2008-04-28
10:58:51 UTC (rev 8045)
@@ -0,0 +1,27 @@
+package org.jboss.seam.annotations.security.permission;
+
+import static java.lang.annotation.ElementType.FIELD;
+import static java.lang.annotation.ElementType.METHOD;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.Inherited;
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+
+import org.jboss.seam.security.permission.IdentifierStrategy;
+
+/**
+ * Configures the Identifier strategy to use for instance-based permissions. The
specified class
+ * should implement the IdentifierStrategy interface.
+ *
+ * @author Shane Bryzak
+ */
+@Target({METHOD,FIELD})
+@Documented
+@Retention(RUNTIME)
+@Inherited
+public @interface Identifier
+{
+ Class<? extends IdentifierStrategy> value();
+}
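Review bot: `@Target({METHOD,FIELD})` does not allow this annotation on a type, yet the only reader visible in this commit, `IdentifierPolicy.getIdentifier`, looks it up with `target.getClass().isAnnotationPresent(Identifier.class)`, so that branch can never match as written. `@Inherited` likewise only has an effect on class-level annotations. If class-level use is the intent, the declaration should read `@Target(TYPE)` with a static import of `java.lang.annotation.ElementType.TYPE`; otherwise the lookup in IdentifierPolicy has to inspect members instead of the class.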
Added: trunk/src/main/org/jboss/seam/security/permission/ClassIdentifierStrategy.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/ClassIdentifierStrategy.java
(rev 0)
+++
trunk/src/main/org/jboss/seam/security/permission/ClassIdentifierStrategy.java 2008-04-28
10:58:51 UTC (rev 8045)
@@ -0,0 +1,21 @@
+package org.jboss.seam.security.permission;
+
+/**
+ * An Identifier strategy for class-based permission checks
+ *
+ * @author Shane Bryzak
+ */
+public class ClassIdentifierStrategy implements IdentifierStrategy
+{
+ public boolean canIdentify(Class targetClass)
+ {
+ return Class.class.equals(targetClass);
+ }
+
+ public String getIdentifier(Object target)
+ {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+}
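Review bot: `getIdentifier` returns null for every target while `canIdentify` accepts `Class.class`, so a class-based permission check yields a null identifier. The last hunk of `PersistentPermissionResolver` in this commit passes the result of `identifierPolicy.getIdentifier(target)` straight to `permissionStore.listPermissions(identifier, action)`, and how a store treats a null target is not visible here, so the result of that authorisation lookup is undefined. Until the real implementation lands, failing loudly is safer: `throw new UnsupportedOperationException("class identifiers not implemented");`, or return a name derived from the class, e.g. `return ((Class) target).getName();`.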
Added: trunk/src/main/org/jboss/seam/security/permission/EntityIdentifierStrategy.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/EntityIdentifierStrategy.java
(rev 0)
+++
trunk/src/main/org/jboss/seam/security/permission/EntityIdentifierStrategy.java 2008-04-28
10:58:51 UTC (rev 8045)
@@ -0,0 +1,48 @@
+package org.jboss.seam.security.permission;
+
+import javax.persistence.Entity;
+import javax.persistence.EntityManager;
+
+import org.jboss.seam.Component;
+import org.jboss.seam.core.Expressions;
+import org.jboss.seam.core.Expressions.ValueExpression;
+import org.jboss.seam.persistence.PersistenceProvider;
+
+/**
+ * An Identifier strategy for entity-based permission checks
+ *
+ * @author Shane Bryzak
+ */
+public class EntityIdentifierStrategy implements IdentifierStrategy
+{
+ private ValueExpression<EntityManager> entityManager;
+
+ private PersistenceProvider persistenceProvider;
+
+ public EntityIdentifierStrategy()
+ {
+ persistenceProvider = (PersistenceProvider)
Component.getInstance(PersistenceProvider.class, true);
+
+ if (entityManager == null)
+ {
+ entityManager =
Expressions.instance().createValueExpression("#{entityManager}",
+ EntityManager.class);
+ }
+ }
+
+ public boolean canIdentify(Class targetClass)
+ {
+ return targetClass.isAnnotationPresent(Entity.class);
+ }
+
+ public String getIdentifier(Object target)
+ {
+ // TODO temporary, need to implement properly
+ return target.getClass().getName() + ":" +
persistenceProvider.getId(target, lookupEntityManager());
+ }
+
+ private EntityManager lookupEntityManager()
+ {
+ return entityManager.getValue();
+ }
+}
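Review bot: In `getIdentifier` the id is concatenated without a null check, so an entity with no id yet (presumably any unpersisted instance; `persistenceProvider.getId` is not shown here) produces `<class>:null`, and every such instance of a class would share one permission target. Since this string is the key permissions are looked up by, I would reject that case: `Object id = persistenceProvider.getId(target, lookupEntityManager());` followed by `if (id == null) throw new IllegalArgumentException("entity has no identifier: " + target.getClass().getName());`. Separately, `target.getClass().getName()` and `isAnnotationPresent(Entity.class)` both use the runtime class, which may be a persistence-provider proxy subclass rather than the entity class; that is worth confirming before the TODO is closed. The `if (entityManager == null)` test in the constructor is always true, because the field has only just been default-initialised.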
Added: trunk/src/main/org/jboss/seam/security/permission/IdentifierPolicy.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/IdentifierPolicy.java
(rev 0)
+++ trunk/src/main/org/jboss/seam/security/permission/IdentifierPolicy.java 2008-04-28
10:58:51 UTC (rev 8045)
@@ -0,0 +1,83 @@
+package org.jboss.seam.security.permission;
+
+import static org.jboss.seam.ScopeType.APPLICATION;
+
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
+
+import org.jboss.seam.annotations.Create;
+import org.jboss.seam.annotations.Install;
+import org.jboss.seam.annotations.Name;
+import org.jboss.seam.annotations.Scope;
+import org.jboss.seam.annotations.intercept.BypassInterceptors;
+import org.jboss.seam.annotations.security.permission.Identifier;
+
+(a)Name("org.jboss.seam.security.identifierPolicy")
+@Scope(APPLICATION)
+@BypassInterceptors
+@Install(precedence = Install.BUILT_IN)
+public class IdentifierPolicy
+{
+ private Map<Class,IdentifierStrategy> strategies = new
ConcurrentHashMap<Class,IdentifierStrategy>();
+
+ private Set<IdentifierStrategy> registeredStrategies = new
HashSet<IdentifierStrategy>();
+
+ @Create
+ public void create()
+ {
+ if (registeredStrategies.isEmpty())
+ {
+ registeredStrategies.add(new EntityIdentifierStrategy());
+ registeredStrategies.add(new ClassIdentifierStrategy());
+ }
+ }
+
+ public String getIdentifier(Object target)
+ {
+ IdentifierStrategy strategy = strategies.get(target.getClass());
+
+ if (strategy == null)
+ {
+ if (target.getClass().isAnnotationPresent(Identifier.class))
+ {
+ Class<? extends IdentifierStrategy> strategyClass =
+ target.getClass().getAnnotation(Identifier.class).value();
+ try
+ {
+ strategy = strategyClass.newInstance();
+ strategies.put(target.getClass(), strategy);
+ }
+ catch (Exception ex)
+ {
+ throw new RuntimeException("Error instantiating IdentifierStrategy
for object " + target, ex);
+ }
+ }
+ else
+ {
+ for (IdentifierStrategy s : registeredStrategies)
+ {
+ if (s.canIdentify(target.getClass()))
+ {
+ strategy = s;
+ strategies.put(target.getClass(), strategy);
+ break;
+ }
+ }
+ }
+ }
+
+ return strategy.getIdentifier(target);
+ }
+
+ public Set<IdentifierStrategy> getRegisteredStrategies()
+ {
+ return registeredStrategies;
+ }
+
+ public void setRegisteredStrategies(Set<IdentifierStrategy>
registeredStrategies)
+ {
+ this.registeredStrategies = registeredStrategies;
+ }
+}
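Review bot: `return strategy.getIdentifier(target)` at the end of `getIdentifier` dereferences `strategy` even when neither the annotation branch nor the loop over `registeredStrategies` found one, so any target that is not an entity or a `Class` ends in a NullPointerException in the middle of a permission check. The code removed from `PersistentPermissionResolver` fell back to the component or class name; the new path has no fallback. Add an explicit guard before the return, `if (strategy == null) throw new IllegalArgumentException("No IdentifierStrategy for " + target.getClass().getName());`, so the failure is deliberate and names its cause. `registeredStrategies` is also a plain `HashSet` exposed through a getter and setter on an APPLICATION-scoped component, while `strategies` is a `ConcurrentHashMap`; if the set can change after startup it needs the same care.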
Added: trunk/src/main/org/jboss/seam/security/permission/IdentifierStrategy.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/IdentifierStrategy.java
(rev 0)
+++ trunk/src/main/org/jboss/seam/security/permission/IdentifierStrategy.java 2008-04-28
10:58:51 UTC (rev 8045)
@@ -0,0 +1,12 @@
+package org.jboss.seam.security.permission;
+
+/**
+ * Strategy for generating permission target identifiers.
+ *
+ * @author Shane Bryzak
+ */
+public interface IdentifierStrategy
+{
+ boolean canIdentify(Class targetClass);
+ String getIdentifier(Object target);
+}
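Review bot: The interface states no contract for its two methods, and the implementations added in this commit already disagree: one returns null, the other a `class:id` string. Because the returned string is the key permissions are looked up by, `getIdentifier` should document that the result is non-null, stable for the life of the target and unique per permission target, e.g. `/** Returns a non-null, stable identifier that uniquely names the given permission target. */`. `canIdentify` should state that it is called with `target.getClass()`, as `IdentifierPolicy` does.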
Modified: trunk/src/main/org/jboss/seam/security/permission/JpaPermissionStore.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/JpaPermissionStore.java 2008-04-28
10:42:00 UTC (rev 8044)
+++ trunk/src/main/org/jboss/seam/security/permission/JpaPermissionStore.java 2008-04-28
10:58:51 UTC (rev 8045)
@@ -39,7 +39,7 @@
*
* @author Shane Bryzak
*/
-(a)Name("org.jboss.seam.security.permission.jpaPermissionStore")
+(a)Name("org.jboss.seam.security.jpaPermissionStore")
@Install(precedence = BUILT_IN, value=false)
@Scope(APPLICATION)
@BypassInterceptors
Modified:
trunk/src/main/org/jboss/seam/security/permission/PersistentPermissionResolver.java
===================================================================
---
trunk/src/main/org/jboss/seam/security/permission/PersistentPermissionResolver.java 2008-04-28
10:42:00 UTC (rev 8044)
+++
trunk/src/main/org/jboss/seam/security/permission/PersistentPermissionResolver.java 2008-04-28
10:58:51 UTC (rev 8045)
@@ -24,7 +24,7 @@
*
* @author Shane Bryzak
*/
-(a)Name("org.jboss.seam.security.dynamicPermissionResolver")
+(a)Name("org.jboss.seam.security.persistentPermissionResolver")
@Scope(APPLICATION)
@BypassInterceptors
@Install(precedence=FRAMEWORK)
@@ -33,12 +33,16 @@
{
private PermissionStore permissionStore;
+ private IdentifierPolicy identifierPolicy;
+
private static final LogProvider log =
Logging.getLogProvider(PersistentPermissionResolver.class);
@Create
public void create()
{
initPermissionStore();
+
+ identifierPolicy = (IdentifierPolicy) Component.getInstance(IdentifierPolicy.class,
true);
}
protected void initPermissionStore()
@@ -51,7 +55,7 @@
if (permissionStore == null)
{
log.warn("no permission store available - please install a PermissionStore
with the name '" +
- Seam.getComponentName(JpaPermissionStore.class) + "' if dynamic
permissions are required.");
+ Seam.getComponentName(JpaPermissionStore.class) + "' if
persistent permissions are required.");
}
}
@@ -73,13 +77,9 @@
if (!identity.isLoggedIn()) return false;
- String targetName = Seam.getComponentName(target.getClass());
- if (targetName == null)
- {
- targetName = target.getClass().getName();
- }
+ String identifier = identifierPolicy.getIdentifier(target);
- List<Permission> permissions = permissionStore.listPermissions(targetName,
action);
+ List<Permission> permissions = permissionStore.listPermissions(identifier,
action);
String username = identity.getPrincipal().getName();