Author: shane.bryzak(a)jboss.com
Date: 2010-07-14 22:32:37 -0400 (Wed, 14 Jul 2010)
New Revision: 13398
Removed:
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/SimplePrincipal.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/NoSuchRoleException.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/NoSuchUserException.java
Modified:
modules/security/trunk/api/src/main/java/org/jboss/seam/security/management/IdentityManager.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/AuthorizationException.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/RememberMe.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/RunAsOperation.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/jaas/SeamLoginModule.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/IdentityManagerImpl.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/JpaIdentityStore.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/action/UserAction.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/action/UserSearch.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/PersistentPermissionResolver.java
Log:
more role-related stuff, cleanup
Modified:
modules/security/trunk/api/src/main/java/org/jboss/seam/security/management/IdentityManager.java
===================================================================
---
modules/security/trunk/api/src/main/java/org/jboss/seam/security/management/IdentityManager.java 2010-07-15
01:31:24 UTC (rev 13397)
+++
modules/security/trunk/api/src/main/java/org/jboss/seam/security/management/IdentityManager.java 2010-07-15
02:32:37 UTC (rev 13398)
@@ -1,10 +1,12 @@
package org.jboss.seam.security.management;
+import java.util.Collection;
import java.util.List;
import org.picketlink.idm.api.Credential;
import org.picketlink.idm.api.IdentityType;
import org.picketlink.idm.api.Role;
+import org.picketlink.idm.api.User;
/**
* Identity Management API, allows management of users, groups and roles.
@@ -195,9 +197,9 @@
* all users.
*
* @param filter The filter used to perform the search.
- * @return A list of users that match the specified filter.
+ * @return A collection of users that match the specified filter.
*/
- List<String> findUsers(String filter);
+ Collection<User> findUsers(String filter);
/**
* Returns a list of all the role types.
@@ -214,7 +216,7 @@
* @param name The user for which to return a list of roles
* @return List containing the names of the granted roles
*/
- List<Role> getGrantedRoles(String name);
+ Collection<Role> getGrantedRoles(String name);
/**
* Returns a list of roles that are either explicitly or indirectly granted to the
specified user.
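Review bot: The `@return` line left above the changed signature still says `List containing the names of the granted roles`, but `getGrantedRoles` now returns `Collection<Role>`, so the Javadoc describes neither the container nor the element type. Suggest `@return A collection of the Role objects granted to the user`, and state whether an empty collection or `null` is returned when the user has no roles, since UserAction and UserSearch in this commit disagree on that. The same stale sentence sits above IdentityManagerImpl.getGrantedRoles.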
@@ -230,9 +232,9 @@
* @param roleType The role type of the role
* @param groupName The name of the group the role has been granted in
* @param groupType The type of the group
- * @return A List of IdentityType objects having membership of the specified role
+ * @return A Collection of User objects having membership of the specified role
*/
- List<IdentityType> listRoleMembers(String roleType, String groupName, String
groupType);
+ Collection<User> listRoleMembers(String roleType, String groupName, String
groupType);
/**
* Performs an authentication check using the specified username and credential.
Modified:
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/AuthorizationException.java
===================================================================
---
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/AuthorizationException.java 2010-07-15
01:31:24 UTC (rev 13397)
+++
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/AuthorizationException.java 2010-07-15
02:32:37 UTC (rev 13398)
@@ -1,7 +1,7 @@
package org.jboss.seam.security;
/**
- * Thrown when an authenticated user has insufficient rights to carry out an action.
+ * Thrown when an authenticated user has insufficient rights to perform an operation.
*
* @author Shane Bryzak
*/
Modified:
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/RememberMe.java
===================================================================
---
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/RememberMe.java 2010-07-15
01:31:24 UTC (rev 13397)
+++
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/RememberMe.java 2010-07-15
02:32:37 UTC (rev 13398)
@@ -174,7 +174,7 @@
}
// Set the principal
- identity.getSubject().getPrincipals().add(new SimplePrincipal(username));
+ // identity.getSubject().getPrincipals().add(new
SimplePrincipal(username));
identityImpl.postAuthenticate();
autoLoggedIn = true;
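Review bot: The remember-me path now completes with no Principal on the subject: the `add(new SimplePrincipal(username))` call is commented out rather than replaced, yet `identityImpl.postAuthenticate()` and `autoLoggedIn = true` still run immediately below it, so anything that derives the current user from `identity.getSubject().getPrincipals()` sees an empty set after an automatic login. The same pattern is left in RunAsOperation (the `principal` field now stays null and the run-as role is no longer added to the ROLES_GROUP), in SeamLoginModule.commit(), which returns `true` with no principal added, and in PersistentPermissionResolver. If the replacement principal type is not ready, the dead line should be replaced by a marker such as `// TODO: add the PicketLink User as the subject's Principal (SimplePrincipal removed in r13398)` so the gap is visible. The enclosing method starts and ends outside the hunk.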
Modified:
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/RunAsOperation.java
===================================================================
---
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/RunAsOperation.java 2010-07-15
01:31:24 UTC (rev 13397)
+++
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/RunAsOperation.java 2010-07-15
02:32:37 UTC (rev 13398)
@@ -20,7 +20,7 @@
public RunAsOperation()
{
- principal = new SimplePrincipal(null);
+ //principal = new SimplePrincipal(null);
subject = new Subject();
}
@@ -53,7 +53,7 @@
{
if ( IdentityImpl.ROLES_GROUP.equals( sg.getName() ) )
{
- sg.addMember(new SimplePrincipal(role));
+ //sg.addMember(new SimplePrincipal(role));
break;
}
}
Deleted:
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/SimplePrincipal.java
===================================================================
---
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/SimplePrincipal.java 2010-07-15
01:31:24 UTC (rev 13397)
+++
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/SimplePrincipal.java 2010-07-15
02:32:37 UTC (rev 13398)
@@ -1,54 +0,0 @@
-package org.jboss.seam.security;
-
-import java.io.Serializable;
-import java.security.Principal;
-
-/**
- * Simple implementation of the Principal interface, supporting a named user.
- *
- * @author Shane Bryzak
- */
-public class SimplePrincipal implements Principal, Serializable
-{
- private static final long serialVersionUID = 5609375932836425908L;
-
- private String name;
-
- public SimplePrincipal(String name)
- {
- this.name = name;
- }
-
- public String getName()
- {
- return name;
- }
-
- @Override
- public boolean equals(Object obj)
- {
- if (obj instanceof Principal)
- {
- Principal other = (Principal) obj;
- return name == null ?
- other.getName() == null :
- name.equals( other.getName() );
- }
- else
- {
- return false;
- }
- }
-
- @Override
- public int hashCode()
- {
- return name != null ? name.hashCode() : super.hashCode();
- }
-
- @Override
- public String toString()
- {
- return name;
- }
-}
Modified:
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/jaas/SeamLoginModule.java
===================================================================
---
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/jaas/SeamLoginModule.java 2010-07-15
01:31:24 UTC (rev 13397)
+++
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/jaas/SeamLoginModule.java 2010-07-15
02:32:37 UTC (rev 13398)
@@ -12,7 +12,6 @@
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
-import org.jboss.seam.security.SimplePrincipal;
import org.jboss.seam.security.callbacks.AuthenticatorCallback;
import org.jboss.seam.security.callbacks.IdentityCallback;
import org.jboss.seam.security.callbacks.IdentityManagerCallback;
@@ -46,7 +45,7 @@
public boolean commit() throws LoginException
{
- subject.getPrincipals().add(new SimplePrincipal(username));
+ //subject.getPrincipals().add(new SimplePrincipal(username));
return true;
}
Modified:
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/IdentityManagerImpl.java
===================================================================
---
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/IdentityManagerImpl.java 2010-07-15
01:31:24 UTC (rev 13397)
+++
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/IdentityManagerImpl.java 2010-07-15
02:32:37 UTC (rev 13398)
@@ -10,17 +10,24 @@
import javax.inject.Inject;
import org.jboss.seam.transaction.Transactional;
+import org.jboss.seam.security.GroupImpl;
import org.jboss.seam.security.Identity;
+import org.jboss.seam.security.UserImpl;
import org.jboss.seam.security.util.Strings;
import org.picketlink.idm.api.Credential;
+import org.picketlink.idm.api.Group;
+import org.picketlink.idm.api.IdentitySearchCriteria;
import org.picketlink.idm.api.IdentitySession;
import org.picketlink.idm.api.IdentityType;
import org.picketlink.idm.api.Role;
+import org.picketlink.idm.api.RoleType;
import org.picketlink.idm.api.User;
import org.picketlink.idm.api.query.QueryException;
import org.picketlink.idm.api.query.UserQuery;
import org.picketlink.idm.api.query.UserQueryBuilder;
+import org.picketlink.idm.common.exception.FeatureNotSupportedException;
import org.picketlink.idm.common.exception.IdentityException;
+import org.picketlink.idm.impl.api.IdentitySearchCriteriaImpl;
import org.picketlink.idm.impl.api.model.SimpleUser;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -36,6 +43,7 @@
private static final long serialVersionUID = 6864253169970552893L;
public static final String RESOURCE_IDENTITY = "seam.identity";
+ public static final String RESOURCE_RELATIONSHIP = "seam.relationship";
public static final String PERMISSION_CREATE = "create";
public static final String PERMISSION_READ = "read";
@@ -222,7 +230,7 @@
return false;
}
- public List<String> findUsers(String filter)
+ public Collection<User> findUsers(String filter)
{
identity.checkPermission(RESOURCE_IDENTITY, PERMISSION_READ);
UserQueryBuilder builder = identitySession.createUserQueryBuilder();
@@ -230,16 +238,7 @@
try
{
- Collection<User> users = identitySession.execute(userQuery);
-
- List<String> userList = new ArrayList<String>();
-
- for (User user : users)
- {
- userList.add(user.getId());
- }
-
- return userList;
+ return identitySession.execute(userQuery);
}
catch (QueryException ex)
{
@@ -268,10 +267,30 @@
* @param name The user for which to return a list of roles
* @return List containing the names of the granted roles
*/
- public List<Role> getGrantedRoles(String username)
+ public Collection<Role> getGrantedRoles(String username)
{
- //return roleIdentityStore.listGrantedRoles(username);
- return null;
+ identity.checkPermission(RESOURCE_RELATIONSHIP, PERMISSION_READ);
+ try
+ {
+ Collection<Role> roles = new ArrayList<Role>();
+
+ Collection<RoleType> roleTypes =
identitySession.getRoleManager().findUserRoleTypes(new UserImpl(username));
+
+ for (RoleType roleType : roleTypes)
+ {
+ roles.addAll(identitySession.getRoleManager().findRoles(username,
roleType.getName()));
+ }
+
+ return roles;
+ }
+ catch (IdentityException e)
+ {
+ throw new RuntimeException(e);
+ }
+ catch (FeatureNotSupportedException e)
+ {
+ throw new RuntimeException(e);
+ }
}
/**
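Review bot: Both catch blocks wrap the failure in a bare `RuntimeException`, so an identity-store error and an unsupported feature reach the caller as the same untyped exception with no context, and this commit also deletes NoSuchRoleException/NoSuchUserException, leaving the API with no typed failure at all. At minimum carry the username in the message, e.g. `throw new RuntimeException("Unable to list granted roles for user " + username, e);`, or better a dedicated unchecked exception of this module. The Javadoc above the signature still promises `List containing the names of the granted roles` while the method returns `Collection<Role>`. The loop also issues one `findRoles` call per role type; if the RoleManager can list a user's roles directly that would avoid the extra round-trips, but I can't confirm that from the hunk.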
@@ -286,11 +305,24 @@
return null;
}
- public List<IdentityType> listRoleMembers(String roleType, String groupName,
String groupType)
+ public Collection<User> listRoleMembers(String roleType, String groupName,
String groupType)
{
- //identity.checkPermission(ROLE_PERMISSION_NAME, PERMISSION_READ);
- //return roleIdentityStore.listRoleMembers(roleType, groupName, groupType);
- return null;
+ identity.checkPermission(RESOURCE_RELATIONSHIP, PERMISSION_READ);
+ Group group = new GroupImpl(groupType, groupName);
+ IdentitySearchCriteriaImpl criteria = new IdentitySearchCriteriaImpl();
+
+ try
+ {
+ return identitySession.getRoleManager().findUsersWithRelatedRole(group,
criteria);
+ }
+ catch (IdentityException e)
+ {
+ throw new RuntimeException(e);
+ }
+ catch (FeatureNotSupportedException e)
+ {
+ throw new RuntimeException(e);
+ }
}
public boolean authenticate(String username, Credential credential)
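Review bot: The `roleType` parameter is never read in the new body of `listRoleMembers`: the lookup is `findUsersWithRelatedRole(group, criteria)` with only the group, which (judging by its name) returns users holding any role in that group, so the result is wider than the "membership of the specified role" the interface Javadoc promises and a caller using it for an authorization decision would see extra members. Either pass the role type into the RoleManager query if it accepts one, or filter the returned users by `roleType` before returning, and say so in the Javadoc if the filter is intentional. Separately, `criteria` is declared with the impl class although the `IdentitySearchCriteria` interface is imported in the same commit; `IdentitySearchCriteria criteria = new IdentitySearchCriteriaImpl();` keeps the local programmed to the interface.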
Modified:
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/JpaIdentityStore.java
===================================================================
---
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/JpaIdentityStore.java 2010-07-15
01:31:24 UTC (rev 13397)
+++
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/JpaIdentityStore.java 2010-07-15
02:32:37 UTC (rev 13398)
@@ -1103,7 +1103,7 @@
return em.createQuery(criteria).getSingleResult();
}
- protected Object lookupCredentialType(String name, EntityManager em)
+ protected Object lookupCredentialTypeEntity(String name, EntityManager em)
{
Property<?> credentialTypeNameProp =
modelProperties.get(PROPERTY_CREDENTIAL_TYPE_NAME);
@@ -1238,7 +1238,6 @@
objs.add(new IdentityObjectImpl(name, name, type));
}
- // TODO Auto-generated method stub
return objs;
}
@@ -1249,6 +1248,8 @@
{
List<IdentityObject> objs = new ArrayList<IdentityObject>();
+ System.out.println("*** Invoked unimplemented method
findIdentityObject()");
+
// TODO Auto-generated method stub
return objs;
}
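Review bot: The new diagnostics go to `System.out.println` instead of a logger, so they bypass log configuration and cannot be correlated with the rest of the identity store's output; the same line is added to getIdentityObjectsCount, getRelationshipNameProperties, both getRelationshipNames overloads, getRelationshipProperties, getSupportedFeatures, removeRelationshipName, removeRelationshipNameProperties, removeRelationshipProperties, removeRelationships, resolveRelationships, setRelationshipNameProperties, setRelationshipProperties and updateCredential. IdentityManagerImpl in this commit already uses SLF4J, so `log.warn("Invoked unimplemented method findIdentityObject()")` is the consistent form (adding `private static final Logger log = LoggerFactory.getLogger(JpaIdentityStore.class);` if this class has none — I cannot see its header). The stubs still return an empty list, `null` or `0` after printing, so a caller cannot distinguish "no result" from "not implemented"; the ones that already declare `OperationNotSupportedException` could throw it instead. The enclosing methods start outside their hunks.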
@@ -1262,6 +1263,7 @@
IdentityStoreInvocationContext invocationCtx,
IdentityObjectType identityType) throws IdentityException
{
+ System.out.println("*** Invoked unimplemented method
getIdentityObjectsCount()");
// TODO Auto-generated method stub
return 0;
}
@@ -1270,6 +1272,7 @@
IdentityStoreInvocationContext ctx, String name)
throws IdentityException, OperationNotSupportedException
{
+ System.out.println("*** Invoked unimplemented method
getRelationshipNameProperties()");
// TODO Auto-generated method stub
return null;
}
@@ -1278,6 +1281,7 @@
IdentityObjectSearchCriteria criteria) throws IdentityException,
OperationNotSupportedException
{
+ System.out.println("*** Invoked unimplemented method
getRelationshipNames()");
// TODO Auto-generated method stub
return null;
}
@@ -1286,6 +1290,7 @@
IdentityObject identity, IdentityObjectSearchCriteria criteria)
throws IdentityException, OperationNotSupportedException
{
+ System.out.println("*** Invoked unimplemented method
getRelationshipNames()");
// TODO Auto-generated method stub
return null;
}
@@ -1295,12 +1300,14 @@
IdentityObjectRelationship relationship) throws IdentityException,
OperationNotSupportedException
{
+ System.out.println("*** Invoked unimplemented method
getRelationshipProperties()");
// TODO Auto-generated method stub
return null;
}
public FeaturesMetaData getSupportedFeatures()
{
+ System.out.println("*** Invoked unimplemented method
getSupportedFeatures()");
// TODO Auto-generated method stub
return null;
}
@@ -1363,6 +1370,7 @@
public String removeRelationshipName(IdentityStoreInvocationContext ctx,
String name) throws IdentityException, OperationNotSupportedException
{
+ System.out.println("*** Invoked unimplemented method
removeRelationshipName()");
// TODO Auto-generated method stub
return null;
}
@@ -1372,7 +1380,7 @@
throws IdentityException, OperationNotSupportedException
{
// TODO Auto-generated method stub
-
+ System.out.println("*** Invoked unimplemented method
removeRelationshipNameProperties()");
}
public void removeRelationshipProperties(IdentityStoreInvocationContext ctx,
@@ -1380,7 +1388,7 @@
throws IdentityException, OperationNotSupportedException
{
// TODO Auto-generated method stub
-
+ System.out.println("*** Invoked unimplemented method
removeRelationshipProperties()");
}
public void removeRelationships(
@@ -1389,7 +1397,7 @@
throws IdentityException
{
// TODO Auto-generated method stub
-
+ System.out.println("*** Invoked unimplemented method
removeRelationships()");
}
public Set<IdentityObjectRelationship> resolveRelationships(
@@ -1458,6 +1466,7 @@
boolean named, String name) throws IdentityException
{
// TODO Auto-generated method stub
+ System.out.println("*** Invoked unimplemented method
resolveRelationships()");
return null;
}
@@ -1467,6 +1476,7 @@
OperationNotSupportedException
{
// TODO Auto-generated method stub
+ System.out.println("*** Invoked unimplemented method
setRelationshipNameProperties()");
}
@@ -1475,7 +1485,7 @@
throws IdentityException, OperationNotSupportedException
{
// TODO Auto-generated method stub
-
+ System.out.println("*** Invoked unimplemented method
setRelationshipProperties()");
}
public void updateCredential(IdentityStoreInvocationContext ctx,
@@ -1483,7 +1493,7 @@
throws IdentityException
{
// TODO Auto-generated method stub
-
+ System.out.println("*** Invoked unimplemented method
updateCredential()");
}
public boolean validateCredential(IdentityStoreInvocationContext ctx,
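Review bot: `updateCredential` still returns normally after the new println, so a caller that changes a user's credential gets a successful return while nothing is stored; for a credential operation a silent no-op is worse than a failure, because the old credential stays valid without anyone noticing. Suggest replacing the println with `throw new UnsupportedOperationException("updateCredential() is not implemented by JpaIdentityStore");` until the method is written, and the same treatment for `getSupportedFeatures()`, which answers a capability query with `null`. The method's signature starts outside the hunk.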
@@ -1518,7 +1528,7 @@
else
{
predicates.add(builder.equal(root.get(credentialType.getName()),
- lookupCredentialType(credential.getType().getName(), em)));
+ lookupCredentialTypeEntity(credential.getType().getName(), em)));
}
}
Deleted:
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/NoSuchRoleException.java
===================================================================
---
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/NoSuchRoleException.java 2010-07-15
01:31:24 UTC (rev 13397)
+++
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/NoSuchRoleException.java 2010-07-15
02:32:37 UTC (rev 13398)
@@ -1,21 +0,0 @@
-package org.jboss.seam.security.management;
-
-/**
- * Thrown when an operation is performed on a non-existent role.
- *
- * @author Shane Bryzak
- */
-public class NoSuchRoleException extends RuntimeException
-{
- private static final long serialVersionUID = 7711431103948571607L;
-
- public NoSuchRoleException(String message)
- {
- super(message);
- }
-
- public NoSuchRoleException(String message, Throwable cause)
- {
- super(message, cause);
- }
-}
Deleted:
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/NoSuchUserException.java
===================================================================
---
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/NoSuchUserException.java 2010-07-15
01:31:24 UTC (rev 13397)
+++
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/NoSuchUserException.java 2010-07-15
02:32:37 UTC (rev 13398)
@@ -1,21 +0,0 @@
-package org.jboss.seam.security.management;
-
-/**
- * Thrown when an operation is attempted on a non-existent user.
- *
- * @author Shane Bryzak
- */
-public class NoSuchUserException extends RuntimeException
-{
- private static final long serialVersionUID = -6117983356287782094L;
-
- public NoSuchUserException(String message)
- {
- super(message);
- }
-
- public NoSuchUserException(String message, Throwable cause)
- {
- super(message, cause);
- }
-}
Modified:
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/action/UserAction.java
===================================================================
---
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/action/UserAction.java 2010-07-15
01:31:24 UTC (rev 13397)
+++
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/action/UserAction.java 2010-07-15
02:32:37 UTC (rev 13398)
@@ -2,6 +2,7 @@
import java.io.Serializable;
import java.util.ArrayList;
+import java.util.Collection;
import java.util.List;
import javax.enterprise.context.Conversation;
@@ -118,7 +119,7 @@
}
}
- List<Role> grantedRoles = identityManager.getGrantedRoles(username);
+ Collection<Role> grantedRoles = identityManager.getGrantedRoles(username);
if (grantedRoles != null)
{
Modified:
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/action/UserSearch.java
===================================================================
---
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/action/UserSearch.java 2010-07-15
01:31:24 UTC (rev 13397)
+++
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/action/UserSearch.java 2010-07-15
02:32:37 UTC (rev 13398)
@@ -2,6 +2,7 @@
import java.io.Serializable;
import java.util.ArrayList;
+import java.util.Collection;
import java.util.List;
import javax.enterprise.context.SessionScoped;
@@ -9,6 +10,8 @@
import javax.inject.Named;
import org.jboss.seam.security.management.IdentityManager;
+import org.picketlink.idm.api.Role;
+import org.picketlink.idm.api.User;
@Named
@SessionScoped
@@ -24,29 +27,29 @@
{
users = new ArrayList<UserDTO>();
- List<String> usernames = identityManager.findUsers(null);
- for (String username : usernames)
+ Collection<User> results = identityManager.findUsers(null);
+ for (User user : results)
{
UserDTO dto = new UserDTO();
- dto.setUsername(username);
- dto.setEnabled(identityManager.isUserEnabled(username));
+ dto.setUsername(user.getId());
+ dto.setEnabled(identityManager.isUserEnabled(user.getId()));
users.add(dto);
}
}
public String getUserRoles(String username)
{
- // TODO rewrite
- //List<String> roles = identityManager.getGrantedRoles(username);
+ Collection<Role> roles = identityManager.getGrantedRoles(username);
//if (roles == null) return "";
StringBuilder sb = new StringBuilder();
- //for (String role : roles)
- //{
- // sb.append((sb.length() > 0 ? ", " : "") + role);
- //}
+ for (Role role : roles)
+ {
+ sb.append((sb.length() > 0 ? ", " : "") +
role.getRoleType().getName() +
+ ":" + role.getGroup().getName());
+ }
return sb.toString();
}
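Review bot: `getUserRoles` now iterates `roles` while the guard on the line above it is still commented out (`//if (roles == null) return "";`), whereas UserAction in the same commit checks `grantedRoles != null`; the IdentityManager contract does not promise a non-null result, so any implementation returning null turns into an NPE during page rendering. Either restore the guard or have the interface Javadoc commit to a non-null collection. The loop also builds each entry by string concatenation inside `sb.append`, which defeats the StringBuilder; `if (sb.length() > 0) sb.append(", "); sb.append(role.getRoleType().getName()).append(':').append(role.getGroup().getName());` is the idiomatic form. Whether `getGroup()` can be null for a role I cannot tell from the hunk.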
Modified:
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/PersistentPermissionResolver.java
===================================================================
---
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/PersistentPermissionResolver.java 2010-07-15
01:31:24 UTC (rev 13397)
+++
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/PersistentPermissionResolver.java 2010-07-15
02:32:37 UTC (rev 13398)
@@ -9,7 +9,6 @@
import javax.inject.Inject;
import org.jboss.seam.security.Identity;
-import org.jboss.seam.security.SimplePrincipal;
/**
* Resolves dynamically-assigned permissions, mapped to a user or a role, and kept in
persistent
@@ -52,7 +51,7 @@
{
for (Permission permission : permissions)
{
- if (permission.getIdentity() instanceof SimplePrincipal &&
+ if (//permission.getIdentity() instanceof SimplePrincipal &&
username.equals(permission.getIdentity().getName()))
{
return true;
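Review bot: Dropping the `instanceof SimplePrincipal` guard widens what this resolver matches: the type check separated user principals from any other Principal kind stored against a permission, and now any principal whose name equals `username` satisfies the condition, so a permission assigned to a differently-typed principal sharing the name resolves for the user. The second hunk makes the same edit in the removal loop, where it widens which permissions get removed. The old `instanceof` was also null-safe, whereas `permission.getIdentity().getName()` is now dereferenced unconditionally. If the replacement principal type is not ready, put the new type check in rather than leaving `if (//...` inside the condition; the enclosing loop starts and ends outside the hunk.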
@@ -97,7 +96,7 @@
{
if (permission.getResource().equals(target))
{
- if (permission.getIdentity() instanceof SimplePrincipal &&
+ if (//permission.getIdentity() instanceof SimplePrincipal &&
username.equals(permission.getIdentity().getName()))
{
iter.remove();