Author: shane.bryzak(a)jboss.com
Date: 2010-07-05 03:12:38 -0400 (Mon, 05 Jul 2010)
New Revision: 13329
Modified:
modules/security/trunk/examples/idmconsole/src/main/java/org/jboss/seam/security/examples/idmconsole/action/EntityManagerProducer.java
modules/security/trunk/examples/idmconsole/src/main/resources/import.sql
modules/security/trunk/examples/idmconsole/src/main/webapp/manageusers.xhtml
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/IdentityImpl.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/JpaIdentityStore.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/action/UserAction.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/PermissionMapper.java
Log:
reenable permission authorization
Modified:
modules/security/trunk/examples/idmconsole/src/main/java/org/jboss/seam/security/examples/idmconsole/action/EntityManagerProducer.java
===================================================================
---
modules/security/trunk/examples/idmconsole/src/main/java/org/jboss/seam/security/examples/idmconsole/action/EntityManagerProducer.java 2010-07-05
01:42:00 UTC (rev 13328)
+++
modules/security/trunk/examples/idmconsole/src/main/java/org/jboss/seam/security/examples/idmconsole/action/EntityManagerProducer.java 2010-07-05
07:12:38 UTC (rev 13329)
@@ -1,16 +1,14 @@
package org.jboss.seam.security.examples.idmconsole.action;
-import javax.enterprise.context.RequestScoped;
+import javax.enterprise.context.ConversationScoped;
import javax.enterprise.inject.Produces;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
+import org.jboss.seam.drools.qualifiers.Stateless;
+
+@Stateless
public class EntityManagerProducer
{
- @PersistenceContext(unitName = "idmconsoleDatabase") EntityManager
entityManager;
-
- public @Produces @RequestScoped EntityManager produceEntityManager()
- {
- return entityManager;
- }
+ @Produces @ConversationScoped @PersistenceContext(unitName =
"idmconsoleDatabase") EntityManager entityManager;
}
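Review bot: The `@Stateless` on the class is imported from `org.jboss.seam.drools.qualifiers`, which reads like an IDE auto-import; if a stateless session bean was intended, the import should be `import javax.ejb.Stateless;`. As written, the annotation comes from the Drools module (presumably a qualifier there), so the example gains a dependency on that module without the class becoming an EJB. A short comment on the producer field explaining why the EntityManager is now conversation-scoped rather than request-scoped would also help, since the scope decides how long the managed identity entities stay attached.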
Modified: modules/security/trunk/examples/idmconsole/src/main/resources/import.sql
===================================================================
--- modules/security/trunk/examples/idmconsole/src/main/resources/import.sql 2010-07-05
01:42:00 UTC (rev 13328)
+++ modules/security/trunk/examples/idmconsole/src/main/resources/import.sql 2010-07-05
07:12:38 UTC (rev 13329)
@@ -2,8 +2,10 @@
insert into IdentityObjectType(id, name) values (2, 'GROUP');
insert into IdentityObject (id, name, identity_object_type_id) values (1,
'shane', 1);
+insert into IdentityObject (id, name, identity_object_type_id) values (2, 'demo',
1);
insert into IdentityObjectCredentialType (id, name) values (1, 'PASSWORD');
insert into IdentityObjectCredential (id, identity_object_id, credential_type_id, value)
values (1, 1, 1, 'password');
+insert into IdentityObjectCredential (id, identity_object_id, credential_type_id, value)
values (2, 2, 1, 'demo');
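Review bot: The new `demo` account stores its credential as the literal `'demo'`, identical to the user name, next to the existing `'password'` value for `shane`; both appear to be kept as plain text. That is workable for an example, but the file should say so with a leading comment such as `-- sample accounts for the idmconsole example only; do not reuse these credentials`. If the identity store supports hashed credentials, seeding hashed values would make the example demonstrate the safer configuration.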
Modified: modules/security/trunk/examples/idmconsole/src/main/webapp/manageusers.xhtml
===================================================================
---
modules/security/trunk/examples/idmconsole/src/main/webapp/manageusers.xhtml 2010-07-05
01:42:00 UTC (rev 13328)
+++
modules/security/trunk/examples/idmconsole/src/main/webapp/manageusers.xhtml 2010-07-05
07:12:38 UTC (rev 13329)
@@ -47,7 +47,7 @@
<h:commandLink id="edit" value="Edit"
action="#{userAction.editUser(user.username)}"/>
<span> | </span>
</ui:fragment>
- <h:link id="delete" value="Delete"
action="#{identityManager.deleteUser(userSearch.selectedUser)}"
+ <h:link id="delete" value="Delete"
action="#{userAction.deleteUser(user.username)}"
rendered="#{identity.hasPermission('seam.user',
'delete')}"
onclick="return confirmDelete()"/>
</h:column>
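Review bot: The Delete control is still an `h:link`, which renders a plain GET hyperlink and navigates by `outcome`; as far as I know it does not invoke an `action` method expression, so the new `userAction.deleteUser(user.username)` binding may never run. A state-changing operation belongs on a postback component like the Edit link above it, i.e. `<h:commandLink id="delete" value="Delete" action="#{userAction.deleteUser(user.username)}" ... />`. The `rendered` test only hides the link, so the permission must also be enforced where the delete is performed.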
Modified:
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/IdentityImpl.java
===================================================================
---
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/IdentityImpl.java 2010-07-05
01:42:00 UTC (rev 13328)
+++
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/IdentityImpl.java 2010-07-05
07:12:38 UTC (rev 13329)
@@ -637,14 +637,12 @@
public boolean hasPermission(Object target, String action)
{
- return true;
- /*
if (!securityEnabled) return true;
if (systemOp != null && Boolean.TRUE.equals(systemOp.get())) return true;
if (permissionMapper == null) return false;
if (target == null) return false;
- return permissionMapper.resolvePermission(target, action);*/
+ return permissionMapper.resolvePermission(target, action);
}
public String getJaasConfigName()
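Review bot: hasPermission has no comment stating its decision order, and the previous revision shows how easily the body can be stubbed to `return true`. A Javadoc on the method should state that the check is granted outright when security is disabled or `systemOp` is set, and denied when no permission mapper is available or `target` is null, before delegating to `permissionMapper.resolvePermission`. A unit test asserting denial for a null target and for a missing mapper would catch a repeat of the stubbed-out body.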
Modified:
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/JpaIdentityStore.java
===================================================================
---
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/JpaIdentityStore.java 2010-07-05
01:42:00 UTC (rev 13328)
+++
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/JpaIdentityStore.java 2010-07-05
07:12:38 UTC (rev 13329)
@@ -895,12 +895,15 @@
return createIdentityObject(invocationCtx, name, identityObjectType, null);
}
- protected Object lookupIdentityType(String identityType, EntityManager em) throws
IdentityException
+ protected Object lookupIdentityType(String identityType, EntityManager em)
{
try
{
Property<Object> typeNameProp =
modelProperties.get(PROPERTY_IDENTITY_TYPE_NAME);
+ // If there is no identity type table, just return the name
+ if (typeNameProp == null) return identityType;
+
Object val = em.createQuery(
"select t from " + typeNameProp.getDeclaringClass().getName() +
" t where t." + typeNameProp.getName() +
@@ -911,7 +914,7 @@
}
catch (NoResultException ex)
{
- throw new IdentityException("Could not determine identity type [" +
identityType + "]");
+ return null;
}
}
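Review bot: Returning `null` from the `NoResultException` handler turns an unknown identity type from an error into a value every caller has to test for, and none of the visible callers does. In the lookupIdentity hunk further down, the result goes straight into `builder.equal(root.get(identityTypeProp.getName()), lookupIdentityType(...))`, where a null operand is provider-dependent (it may never match or may be rejected). Either keep a failure signal for the unknown-type case or document the contract on the method, e.g. `@return the type entity, the plain type name when no type table is mapped, or null when the type is unknown`. The method starts in the previous hunk and its query construction is not fully visible here.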
@@ -982,13 +985,13 @@
}
else
{
- type.setValue(relationship, lookupRelationshipType(relationshipType));
+ type.setValue(relationship, lookupRelationshipType(relationshipType, em));
}
modelProperties.get(PROPERTY_RELATIONSHIP_NAME).setValue(relationship,
relationshipName);
- //entityManagerInstance.get().persist(relationship);
+ em.persist(relationship);
return new IdentityObjectRelationshipImpl(fromIdentity, toIdentity,
relationshipName, relationshipType);
@@ -1002,6 +1005,7 @@
protected Object lookupIdentity(IdentityObject obj, EntityManager em)
{
Property<?> identityNameProp = modelProperties.get(PROPERTY_IDENTITY_NAME);
+ Property<?> identityTypeProp = modelProperties.get(PROPERTY_IDENTITY_TYPE);
CriteriaBuilder builder = em.getCriteriaBuilder();
CriteriaQuery<?> criteria = builder.createQuery(identityClass);
@@ -1009,6 +1013,7 @@
List<Predicate> predicates = new ArrayList<Predicate>();
predicates.add(builder.equal(root.get(identityNameProp.getName()),
obj.getName()));
+ predicates.add(builder.equal(root.get(identityTypeProp.getName()),
lookupIdentityType(obj.getIdentityType().getName(), em)));
// TODO add criteria for identity type
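Review bot: The `// TODO add criteria for identity type` line is stale now that the predicate directly above it adds that criterion, and should be removed. Also, `identityTypeProp` is dereferenced without a null check, while the lookupIdentityType hunk in this commit added one for the type-name property; if `PROPERTY_IDENTITY_TYPE` can likewise be unmapped, `identityTypeProp.getName()` would throw. `obj.getIdentityType()` is dereferenced the same way. lookupIdentity continues outside the hunk.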
@@ -1127,18 +1132,16 @@
CriteriaBuilder builder = em.getCriteriaBuilder();
CriteriaQuery<?> criteria = builder.createQuery(identityClass);
- Root<?> root = criteria.from(identityClass);
+ //Root<?> root = criteria.from(identityClass);
+
+ Property<?> identityNameProp = modelProperties.get(PROPERTY_IDENTITY_NAME);
+
List<Predicate> predicates = new ArrayList<Predicate>();
- //predicates.add(builder.equal(root.get(credentialIdentity.getName()),
- //lookupIdentity(identityObject, em)));
-
criteria.where(predicates.toArray(new Predicate[0]));
List<?> results = em.createQuery(criteria).getResultList();
-
- Property<?> identityNameProp = modelProperties.get(PROPERTY_IDENTITY_NAME);
-
+
Property<?> typeProp = modelProperties.get(PROPERTY_IDENTITY_TYPE);
Property<?> typeNameProp = modelProperties.get(PROPERTY_IDENTITY_TYPE_NAME);
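Review bot: With `Root<?> root = criteria.from(identityClass);` commented out, the criteria query is executed without any root, and `predicates` is still empty when `criteria.where(...)` is called. A criteria query needs at least one root, so `em.createQuery(criteria)` is likely to fail at runtime or return nothing useful, depending on the provider; if the root is simply restored, the empty predicate list would select every identity row. Restore the root together with the intended restriction, or remove the query until it is implemented, rather than leaving the disabled line in place. The enclosing method starts and ends outside the hunk, so its purpose is inferred from the names only.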
Modified:
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/action/UserAction.java
===================================================================
---
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/action/UserAction.java 2010-07-05
01:42:00 UTC (rev 13328)
+++
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/action/UserAction.java 2010-07-05
07:12:38 UTC (rev 13329)
@@ -52,6 +52,11 @@
enabled = identityManager.isUserEnabled(username);
newUserFlag = false;
}
+
+ public void deleteUser(String username)
+ {
+ identityManager.deleteUser(username);
+ }
public String save()
{
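Review bot: deleteUser forwards to `identityManager.deleteUser(username)` with no authorization check of its own; the only guard visible in this commit is the `rendered="#{identity.hasPermission('seam.user', 'delete')}"` attribute in manageusers.xhtml, which controls display, not invocation. Unless the identity manager enforces the permission internally (not visible here), the method should check the same `seam.user` / `delete` permission before deleting and refuse the call otherwise. A one-line Javadoc naming the required permission would also help. The class body continues outside the hunk.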
Modified:
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/PermissionMapper.java
===================================================================
---
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/PermissionMapper.java 2010-07-05
01:42:00 UTC (rev 13328)
+++
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/PermissionMapper.java 2010-07-05
07:12:38 UTC (rev 13329)
@@ -24,19 +24,30 @@
@ApplicationScoped
public class PermissionMapper implements Serializable
{
- public static final String DEFAULT_RESOLVER_CHAIN_CREATED =
"org.jboss.seam.security.defaultResolverChainCreated";
+ private static final long serialVersionUID = 7692687882996064772L;
+
+ private Map<Class<?>,Map<String,String>> resolverChains = new
HashMap<Class<?>,Map<String,String>>();
- private Map<Class,Map<String,String>> resolverChains = new
HashMap<Class,Map<String,String>>();
+ private List<PermissionResolver> defaultResolverChain;
- private String defaultResolverChain;
-
- private static final String DEFAULT_RESOLVER_CHAIN =
"org.jboss.seam.security.defaultResolverChain";
-
@Inject BeanManager manager;
+ @Inject
+ public void init()
+ {
+ defaultResolverChain = new ArrayList<PermissionResolver>();
+
+ Set<Bean<?>> beans = manager.getBeans(PermissionResolver.class);
+ for (Bean<?> resolverBean : beans)
+ {
+ defaultResolverChain.add((PermissionResolver) manager.getReference(
+ resolverBean, PermissionResolver.class,
manager.createCreationalContext(resolverBean)));
+ }
+ }
+
private List<PermissionResolver> getResolvers(Object target, String action)
{
- Class<?> targetClass = null;
+ /*Class<?> targetClass = null;
if (target instanceof Class)
{
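Review bot: init() resolves every PermissionResolver once and keeps the references in a field of an `@ApplicationScoped` bean, where the removed producer built the list per session. Resolvers with a normal scope are obtained as proxies and stay per-user, but any dependent-scoped resolver now becomes a single instance shared by all users, so a resolver that caches per-user decisions could leak them across sessions. That deserves a comment on the field, e.g. `// shared by all users: resolvers must be stateless or normal-scoped`. The creational contexts are never released, and the non-transient list sits in a Serializable class. `@PostConstruct` would state the intent more clearly than a parameterless `@Inject` initializer.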
@@ -47,26 +58,10 @@
// TODO target may be a component name, or an object, or a view name (or
arbitrary name) -
// we need to deal with all of these possibilities
}
-
- // TODO configure resolver chains differently - scan for all beans of type
ResolverChain
-
- /*
- if (targetClass != null)
- {
- Map<String,String> chains = resolverChains.get(target);
- if (chains != null && chains.containsKey(action))
- {
- return (ResolverChain) BeanManagerHelper.getInstanceByName(manager,
chains.get(action));
- }
- }
-
- if (defaultResolverChain != null &&
!"".equals(defaultResolverChain))
- {
- return (ResolverChain)
BeanManagerHelper.getInstanceByName(manager,defaultResolverChain);
- }
*/
-
- return createDefaultResolverChain();
+ // TODO more customisation of resolver chains
+
+ return defaultResolverChain;
}
public boolean resolvePermission(Object target, String action)
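Review bot: getResolvers now ignores both `target` and `action`, and the old target-class logic is kept inside a `/* ... */` block rather than removed. Delete the dead block (and the `resolverChains` map, if nothing outside the visible hunks reads it) and state the current behaviour in a comment such as `// every target/action currently uses the default chain`. The commented-out block starts in the previous hunk.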
@@ -83,11 +78,11 @@
return false;
}
- public void filterByPermission(Collection collection, String action)
+ public void filterByPermission(Collection<?> collection, String action)
{
boolean homogenous = true;
- Class targetClass = null;
+ Class<?> targetClass = null;
for (Object target : collection)
{
if (targetClass == null) targetClass = target.getClass();
@@ -114,7 +109,7 @@
}
else
{
- Map<Class,Set<Object>> deniedByClass = new
HashMap<Class,Set<Object>>();
+ Map<Class<?>,Set<Object>> deniedByClass = new
HashMap<Class<?>,Set<Object>>();
for (Object obj : collection)
{
if (!deniedByClass.containsKey(obj.getClass()))
@@ -129,7 +124,7 @@
}
}
- for (Class cls : deniedByClass.keySet())
+ for (Class<?> cls : deniedByClass.keySet())
{
Set<Object> denied = deniedByClass.get(cls);
List<PermissionResolver> resolvers = getResolvers(cls, action);
@@ -145,17 +140,4 @@
}
}
}
-
- @Produces public @SessionScoped List<PermissionResolver>
createDefaultResolverChain()
- {
- List<PermissionResolver> resolvers = new
ArrayList<PermissionResolver>();
-
- Set<Bean<?>> beans = manager.getBeans(PermissionResolver.class);
- for (Bean<?> resolverBean : beans)
- {
- resolvers.add((PermissionResolver) manager.getReference(resolverBean,
PermissionResolver.class, manager.createCreationalContext(resolverBean)));
- }
-
- return resolvers;
- }
}