Author: shane.bryzak(a)jboss.com
Date: 2010-01-13 05:35:44 -0500 (Wed, 13 Jan 2010)
New Revision: 11950
Modified:
modules/security/trunk/src/main/java/org/jboss/seam/security/Identity.java
modules/security/trunk/src/main/java/org/jboss/seam/security/RememberMe.java
modules/security/trunk/src/main/java/org/jboss/seam/security/SecurityEventMessages.java
modules/security/trunk/src/main/java/org/jboss/seam/security/SecurityInterceptor.java
modules/security/trunk/src/main/java/org/jboss/seam/security/permission/EntityIdentifierStrategy.java
modules/security/trunk/src/main/java/org/jboss/seam/security/permission/JpaPermissionStore.java
modules/security/trunk/src/main/java/org/jboss/seam/security/permission/PermissionManager.java
modules/security/trunk/src/main/java/org/jboss/seam/security/permission/PermissionMapper.java
modules/security/trunk/src/main/java/org/jboss/seam/security/permission/PersistentPermissionResolver.java
modules/security/trunk/src/main/java/org/jboss/seam/security/permission/RuleBasedPermissionResolver.java
Log:
fixed remaining compiler errors
Modified: modules/security/trunk/src/main/java/org/jboss/seam/security/Identity.java
===================================================================
--- modules/security/trunk/src/main/java/org/jboss/seam/security/Identity.java 2010-01-13
08:54:19 UTC (rev 11949)
+++ modules/security/trunk/src/main/java/org/jboss/seam/security/Identity.java 2010-01-13
10:35:44 UTC (rev 11950)
@@ -27,7 +27,6 @@
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
-import org.jboss.seam.el.Expressions;
import org.jboss.seam.security.callbacks.AuthenticatorCallback;
import org.jboss.seam.security.callbacks.IdentityCallback;
import org.jboss.seam.security.callbacks.IdentityManagerCallback;
@@ -66,7 +65,6 @@
@Inject private BeanManager manager;
@Inject private Credentials credentials;
@Inject private PermissionMapper permissionMapper;
- @Inject private Expressions expressions;
@Inject private IdentityManager identityManager;
@@ -150,6 +148,9 @@
* the user is authenticated
*/
// QUESTION should we add the dependency on el-api for the sake of avoiding
reinstantiating the VE?
+
+ // TODO redesign restrictions system to be typesafe
+ /*
public void checkRestriction(ValueExpression expression)
{
if (!securityEnabled)
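Review bot: Commenting out `checkRestriction(ValueExpression)` here, and `checkRestriction(String)` and `evaluateExpression(String)` in the later hunks, removes the EL authorization entry points and leaves nothing that fails closed. The Javadoc blocks above each method now describe code that no longer exists. Until the typesafe redesign lands, consider keeping the `String` overload, which needs no EL types in its signature, with the body `throw new UnsupportedOperationException("EL restrictions are not supported yet");` so a caller gets a hard failure rather than a missing check. At minimum extend the TODO to `// TODO redesign restrictions system to be typesafe - EL restrictions are NOT enforced until then`. The method body continues past the end of this hunk.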
@@ -174,7 +175,7 @@
"Authorization check failed for expression [%s]",
expression.getExpressionString()));
}
}
- }
+ }*/
/**
* Performs an authorization check, based on the specified security expression
string.
@@ -185,6 +186,8 @@
* @throws AuthorizationException Thrown if the authorization check fails and
* the user is authenticated
*/
+
+ /*
public void checkRestriction(String expr)
{
if (!securityEnabled)
@@ -193,7 +196,7 @@
}
checkRestriction(expressions.createValueExpression(expr,
Boolean.class).toUnifiedValueExpression());
- }
+ }*/
/**
* Attempts to authenticate the user. This method is distinct to the
@@ -626,10 +629,11 @@
* @param expr String The expression to evaluate
* @return boolean The result of the expression evaluation
*/
+ /*
protected boolean evaluateExpression(String expr)
{
return expressions.createValueExpression(expr, Boolean.class).getValue();
- }
+ }*/
public String getJaasConfigName()
{
Modified: modules/security/trunk/src/main/java/org/jboss/seam/security/RememberMe.java
===================================================================
---
modules/security/trunk/src/main/java/org/jboss/seam/security/RememberMe.java 2010-01-13
08:54:19 UTC (rev 11949)
+++
modules/security/trunk/src/main/java/org/jboss/seam/security/RememberMe.java 2010-01-13
10:35:44 UTC (rev 11950)
@@ -18,7 +18,7 @@
import org.jboss.seam.security.events.QuietLoginEvent;
import org.jboss.seam.security.management.IdentityManager;
import org.jboss.seam.security.util.Base64;
-import org.jboss.seam.web.ManagedCookie;
+//import org.jboss.seam.web.ManagedCookie;
/**
* Remember-me functionality is provided by this class, in two different flavours. The
first mode
@@ -28,6 +28,7 @@
*
* Use the auto-login mode with caution!
*
+ *
* @author Shane Bryzak
*/
@Named
@@ -42,15 +43,17 @@
@Inject Identity identity;
@Inject Credentials credentials;
@Inject IdentityManager identityManager;
+
+ // Heaps of stuff commented out here because we need to add generic cookie support
- private ManagedCookie usernameSelector;
- private ManagedCookie tokenSelector;
+ //private ManagedCookie usernameSelector;
+ //private ManagedCookie tokenSelector;
private TokenStore tokenStore;
private boolean enabled;
- private int cookieMaxAge = ManagedCookie.DEFAULT_MAX_AGE;
+ //private int cookieMaxAge = ManagedCookie.DEFAULT_MAX_AGE;
private boolean autoLoggedIn;
@@ -60,6 +63,7 @@
public RememberMe() {}
+ /*
public
@Inject
void create()
@@ -130,7 +134,7 @@
}
}
}
- }
+ }*/
public void quietLogin(@Observes QuietLoginEvent event)
{
@@ -179,7 +183,7 @@
}
}
}
-
+ /*
public void postAuthenticate(@Observes PostAuthenticateEvent event)
{
if (mode.equals(Mode.usernameOnly))
@@ -218,14 +222,16 @@
}
}
}
+ */
+ /*
public void loggedOut(@Observes LoggedOutEvent event)
{
if (mode.equals(Mode.autoLogin))
{
tokenSelector.clearCookieValue();
}
- }
+ }*/
public Mode getMode()
{
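Review bot: Disabling `loggedOut` means the auto-login token cookie is no longer cleared on logout, since the removed body called `tokenSelector.clearCookieValue()`, while the `quietLogin` observer in the earlier hunk stays active. The body of `quietLogin` is outside the visible hunks, so whether it can still act on a previously issued token should be confirmed before this ships. `setEnabled` is also commented out while `isEnabled` remains, so the flag can no longer be changed through the bean. I would record the state next to the existing note, e.g. `// SECURITY: remember-me cookies are neither issued nor cleared until generic cookie support is added`.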
@@ -242,6 +248,7 @@
return enabled;
}
+ /*
public void setEnabled(boolean enabled)
{
if (this.enabled != enabled)
@@ -258,15 +265,16 @@
tokenSelector.setCookieEnabled(enabled);
}
}
- }
+ }*/
+ /*
public int getCookieMaxAge() {
return cookieMaxAge;
}
public void setCookieMaxAge(int cookieMaxAge) {
this.cookieMaxAge = cookieMaxAge;
- }
+ }*/
public TokenStore getTokenStore()
{
Modified:
modules/security/trunk/src/main/java/org/jboss/seam/security/SecurityEventMessages.java
===================================================================
---
modules/security/trunk/src/main/java/org/jboss/seam/security/SecurityEventMessages.java 2010-01-13
08:54:19 UTC (rev 11949)
+++
modules/security/trunk/src/main/java/org/jboss/seam/security/SecurityEventMessages.java 2010-01-13
10:35:44 UTC (rev 11950)
@@ -4,8 +4,8 @@
import javax.inject.Inject;
import javax.enterprise.event.Observes;
-import org.jboss.seam.international.StatusMessages;
-import org.jboss.seam.international.StatusMessage.Severity;
+//import org.jboss.seam.international.StatusMessages;
+//import org.jboss.seam.international.StatusMessage.Severity;
import org.jboss.seam.security.events.AlreadyLoggedInEvent;
import org.jboss.seam.security.events.LoggedInEvent;
import org.jboss.seam.security.events.LoginFailedEvent;
@@ -32,7 +32,7 @@
private static final String DEFAULT_ALREADY_LOGGED_IN_MESSAGE = "You're
already logged in. Please log out first if you wish to log in again.";
private static final String DEFAULT_NOT_LOGGED_IN_MESSAGE = "Please log in
first.";
- @Inject StatusMessages statusMessages;
+ //@Inject StatusMessages statusMessages;
@Inject Credentials credentials;
public void postAuthenticate(@Observes PostAuthenticateEvent event)
@@ -44,29 +44,48 @@
public void addLoginFailedMessage(@Observes LoginFailedEvent event)
{
- statusMessages.addFromResourceBundleOrDefault(getLoginFailedMessageSeverity(),
getLoginFailedMessageKey(), getDefaultLoginFailedMessage(), event.getLoginException());
+ //statusMessages.addFromResourceBundleOrDefault(getLoginFailedMessageSeverity(),
getLoginFailedMessageKey(), getDefaultLoginFailedMessage(), event.getLoginException());
}
public void addLoginSuccessMessage(@Observes LoggedInEvent event)
{
- statusMessages.addFromResourceBundleOrDefault(getLoginSuccessfulMessageSeverity(),
getLoginSuccessfulMessageKey(), getDefaultLoginSuccessfulMessage(),
credentials.getUsername());
+ //
statusMessages.addFromResourceBundleOrDefault(getLoginSuccessfulMessageSeverity(),
getLoginSuccessfulMessageKey(), getDefaultLoginSuccessfulMessage(),
credentials.getUsername());
}
public void addAlreadyLoggedInMessage(@Observes AlreadyLoggedInEvent event)
{
- statusMessages.addFromResourceBundleOrDefault(getAlreadyLoggedInMessageSeverity(),
getAlreadyLoggedInMessageKey(), getDefaultAlreadyLoggedInMessage());
+
//statusMessages.addFromResourceBundleOrDefault(getAlreadyLoggedInMessageSeverity(),
getAlreadyLoggedInMessageKey(), getDefaultAlreadyLoggedInMessage());
}
public void addNotLoggedInMessage(@Observes NotLoggedInEvent event)
{
- statusMessages.addFromResourceBundleOrDefault(getNotLoggedInMessageSeverity(),
getNotLoggedInMessageKey(), getDefaultNotLoggedInMessage());
+ //statusMessages.addFromResourceBundleOrDefault(getNotLoggedInMessageSeverity(),
getNotLoggedInMessageKey(), getDefaultNotLoggedInMessage());
}
- public Severity getLoginFailedMessageSeverity()
+ // TODO the following methods should probably be moved to the seam-jsf module,
+ // or otherwise message severities should be abstracted in seam-international
+
+ /*public Severity getLoginFailedMessageSeverity()
{
return Severity.INFO;
}
+
+ public Severity getLoginSuccessfulMessageSeverity()
+ {
+ return Severity.INFO;
+ }
+ public Severity getAlreadyLoggedInMessageSeverity()
+ {
+ return Severity.INFO;
+ }
+
+ public Severity getNotLoggedInMessageSeverity()
+ {
+ return Severity.WARN;
+ }
+*/
+
public String getLoginFailedMessageKey()
{
return LOGIN_FAILED_MESSAGE_KEY;
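Review bot: The four observer methods in this hunk now contain only a commented-out call, so `LoginFailedEvent`, `LoggedInEvent`, `AlreadyLoggedInEvent` and `NotLoggedInEvent` produce neither user feedback nor any log entry. Failed logins leaving no trace is the part worth fixing first, because it removes a signal that monitoring would normally rely on. Until `StatusMessages` is available again, consider logging in `addLoginFailedMessage`, for example `log.warn("Login failed", event.getLoginException());`, which needs a logger field that this class does not show. Each empty body should also carry a `// TODO restore status message once seam-international is wired in` so the no-op is clearly deliberate.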
@@ -77,10 +96,6 @@
return DEFAULT_LOGIN_FAILED_MESSAGE;
}
- public Severity getLoginSuccessfulMessageSeverity()
- {
- return Severity.INFO;
- }
public String getLoginSuccessfulMessageKey()
{
@@ -91,12 +106,7 @@
{
return DEFAULT_LOGIN_SUCCESSFUL_MESSAGE;
}
-
- public Severity getAlreadyLoggedInMessageSeverity()
- {
- return Severity.INFO;
- }
-
+
public String getAlreadyLoggedInMessageKey()
{
return ALREADY_LOGGED_IN_MESSAGE_KEY;
@@ -107,11 +117,6 @@
return DEFAULT_ALREADY_LOGGED_IN_MESSAGE;
}
- public Severity getNotLoggedInMessageSeverity()
- {
- return Severity.WARN;
- }
-
public String getNotLoggedInMessageKey()
{
return NOT_LOGGED_IN_MESSAGE_KEY;
Modified:
modules/security/trunk/src/main/java/org/jboss/seam/security/SecurityInterceptor.java
===================================================================
---
modules/security/trunk/src/main/java/org/jboss/seam/security/SecurityInterceptor.java 2010-01-13
08:54:19 UTC (rev 11949)
+++
modules/security/trunk/src/main/java/org/jboss/seam/security/SecurityInterceptor.java 2010-01-13
10:35:44 UTC (rev 11950)
@@ -111,10 +111,11 @@
{
if (Identity.isSecurityEnabled())
{
- if (expression != null)
+ // TODO rewrite EL based restrictions
+ /*if (expression != null)
{
identity.checkRestriction(expression);
- }
+ }*/
if (methodRestrictions != null)
{
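Review bot: With the `expression != null` branch commented out, a restriction that carries an EL expression is skipped without any signal, so a method the developer believes is protected is guarded only by whatever `methodRestrictions` holds. Prefer failing closed while the EL rewrite is pending: `if (expression != null) { throw new AuthorizationException("EL-based restrictions are not supported in this build"); }`, or at the very least a warning log that names the expression. The enclosing method starts and ends outside this hunk, so where `expression` is populated is not visible here.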
Modified:
modules/security/trunk/src/main/java/org/jboss/seam/security/permission/EntityIdentifierStrategy.java
===================================================================
---
modules/security/trunk/src/main/java/org/jboss/seam/security/permission/EntityIdentifierStrategy.java 2010-01-13
08:54:19 UTC (rev 11949)
+++
modules/security/trunk/src/main/java/org/jboss/seam/security/permission/EntityIdentifierStrategy.java 2010-01-13
10:35:44 UTC (rev 11950)
@@ -9,7 +9,6 @@
import javax.persistence.Entity;
import javax.persistence.EntityManager;
-import org.jboss.seam.el.Expressions;
import org.jboss.seam.security.annotations.permission.Identifier;
import org.jboss.seam.security.util.Strings;
Modified:
modules/security/trunk/src/main/java/org/jboss/seam/security/permission/JpaPermissionStore.java
===================================================================
---
modules/security/trunk/src/main/java/org/jboss/seam/security/permission/JpaPermissionStore.java 2010-01-13
08:54:19 UTC (rev 11949)
+++
modules/security/trunk/src/main/java/org/jboss/seam/security/permission/JpaPermissionStore.java 2010-01-13
10:35:44 UTC (rev 11950)
@@ -10,21 +10,21 @@
import java.util.Set;
import javax.enterprise.context.ApplicationScoped;
+import javax.enterprise.inject.Instance;
+import javax.enterprise.inject.spi.BeanManager;
import javax.inject.Inject;
-import javax.enterprise.inject.spi.BeanManager;
import javax.persistence.EntityManager;
import javax.persistence.Query;
import org.jboss.seam.security.Role;
-import org.jboss.seam.security.SimplePrincipal;
import org.jboss.seam.security.annotations.permission.PermissionAction;
import org.jboss.seam.security.annotations.permission.PermissionDiscriminator;
import org.jboss.seam.security.annotations.permission.PermissionRole;
import org.jboss.seam.security.annotations.permission.PermissionTarget;
import org.jboss.seam.security.annotations.permission.PermissionUser;
import org.jboss.seam.security.management.IdentityManager;
+import org.jboss.seam.security.management.IdentityStore;
import org.jboss.seam.security.management.JpaIdentityStore;
-import org.jboss.seam.security.management.JpaIdentityStoreConfig;
import org.jboss.seam.security.management.LdapIdentityStore;
import org.jboss.seam.security.permission.PermissionMetadata.ActionSet;
import org.jboss.seam.security.util.AnnotatedBeanProperty;
@@ -65,7 +65,10 @@
@Inject IdentifierPolicy identifierPolicy;
@Inject BeanManager manager;
@Inject IdentityManager identityManager;
+ @Inject IdentityStore identityStore;
+ @Inject Instance<EntityManager> entityManagerInstance;
+
@Inject
public void init()
{
@@ -526,21 +529,21 @@
protected Object resolvePrincipalEntity(Principal recipient)
{
boolean recipientIsRole = recipient instanceof Role;
+
+ if (identityStore != null && identityStore instanceof JpaIdentityStore)
+ {
+ // TODO review this code
- JpaIdentityStore identityStore = BeanManagerHelper.getInstanceByType(manager,
JpaIdentityStore.class);
- JpaIdentityStoreConfig config = BeanManagerHelper.getInstanceByType(manager,
JpaIdentityStoreConfig.class);
-
- if (identityStore != null)
- {
- if (recipientIsRole && roleProperty.isSet() &&
- roleProperty.getPropertyType().equals(config.getRoleEntityClass()))
+ if (recipientIsRole && roleProperty.isSet() //&&
+ //roleProperty.getPropertyType().equals(config.getRoleEntityClass()))
+ )
{
- return identityStore.lookupRole(recipient.getName());
+ return ((JpaIdentityStore) identityStore).lookupRole(recipient.getName());
}
- else if (userProperty.getPropertyType().equals(config.getUserEntityClass()))
- {
- return identityStore.lookupUser(recipient.getName());
- }
+ //else if (userProperty.getPropertyType().equals(config.getUserEntityClass()))
+ //{
+ //return ((JpaIdentityStore) identityStore).lookupUser(recipient.getName());
+ //}
}
return recipient.getName();
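Review bot: `resolvePrincipalEntity` no longer compares `roleProperty.getPropertyType()` with the configured role entity class, so any role recipient goes to `lookupRole` whenever `roleProperty.isSet()`. With the `else if` branch commented out, a user recipient always falls through to `recipient.getName()`. If the permission entity's user or role property is an entity reference rather than a string, grants would be stored or queried with the wrong value type; the `// TODO review this code` should say so explicitly, e.g. `// TODO property-type check and user entity lookup disabled - users always resolve to their name`. `identityStore != null &&` is redundant in front of `instanceof`. The new `@Inject IdentityStore identityStore` from the earlier hunk may be ambiguous if both `JpaIdentityStore` and `LdapIdentityStore` are deployed as beans, which is worth verifying.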
@@ -549,10 +552,10 @@
protected Principal resolvePrincipal(Object principal, boolean isUser)
{
identityManager.getRoleIdentityStore();
+
+ // TODO review this
- JpaIdentityStore identityStore = BeanManagerHelper.getInstanceByType(manager,
JpaIdentityStore.class);
- JpaIdentityStoreConfig config = BeanManagerHelper.getInstanceByType(manager,
JpaIdentityStoreConfig.class);
-
+ /*
if (principal instanceof String)
{
return isUser ? new SimplePrincipal((String) principal) : new Role((String)
principal,
@@ -571,7 +574,7 @@
String name = identityStore.getRoleName(principal);
return new Role(name, identityStore.isRoleConditional(name));
}
- }
+ }*/
throw new IllegalArgumentException("Cannot resolve principal name for
principal " + principal);
}
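Review bot: After this change `resolvePrincipal` throws `IllegalArgumentException` for every input, plain `String` principals included, because the whole resolution block opened with `/*` in the previous hunk is commented out. The surviving `identityManager.getRoleIdentityStore();` call discards its result. Callers that read stored permissions back will presumably fail with a message that blames the argument rather than the disabled code. Until the block is restored, make the state explicit with `throw new UnsupportedOperationException("resolvePrincipal is disabled pending identity store rework");` and drop the dead call.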
@@ -753,7 +756,7 @@
private EntityManager lookupEntityManager()
{
- return BeanManagerHelper.getInstanceByType(manager, EntityManager.class);
+ return entityManagerInstance.get();
}
public Class<?> getUserPermissionClass()
Modified:
modules/security/trunk/src/main/java/org/jboss/seam/security/permission/PermissionManager.java
===================================================================
---
modules/security/trunk/src/main/java/org/jboss/seam/security/permission/PermissionManager.java 2010-01-13
08:54:19 UTC (rev 11949)
+++
modules/security/trunk/src/main/java/org/jboss/seam/security/permission/PermissionManager.java 2010-01-13
10:35:44 UTC (rev 11950)
@@ -7,8 +7,8 @@
import javax.inject.Named;
import org.jboss.seam.security.Identity;
-import org.jboss.webbeans.log.Log;
-import org.jboss.webbeans.log.Logger;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
/**
* Permission management component, used to grant or revoke permissions on specific
objects or of
@@ -25,7 +25,7 @@
public static final String PERMISSION_GRANT = "seam.grant-permission";
public static final String PERMISSION_REVOKE = "seam.revoke-permission";
- @Logger Log log;
+ private Logger log = LoggerFactory.getLogger(PermissionManager.class);
@Inject PermissionStore permissionStore;
@Inject Identity identity;
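Review bot: The new `log` field is a mutable, per-instance field; declare it `private static final Logger log = LoggerFactory.getLogger(PermissionManager.class);`. The same applies to the `log` field added in RuleBasedPermissionResolver further down, where it matters more because that class declares a `serialVersionUID`. There a non-static, non-transient logger becomes part of the serialized state and can break passivation if the bound SLF4J logger implementation is not serializable.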
Modified:
modules/security/trunk/src/main/java/org/jboss/seam/security/permission/PermissionMapper.java
===================================================================
---
modules/security/trunk/src/main/java/org/jboss/seam/security/permission/PermissionMapper.java 2010-01-13
08:54:19 UTC (rev 11949)
+++
modules/security/trunk/src/main/java/org/jboss/seam/security/permission/PermissionMapper.java 2010-01-13
10:35:44 UTC (rev 11950)
@@ -12,7 +12,6 @@
import javax.enterprise.inject.spi.Bean;
import javax.enterprise.inject.spi.BeanManager;
-import org.jboss.seam.beans.BeanManagerHelper;
import org.jboss.seam.security.events.DefaultResolverChainCreatedEvent;
/**
@@ -35,7 +34,7 @@
private ResolverChain getResolverChain(Object target, String action)
{
- Class targetClass = null;
+ Class<?> targetClass = null;
if (target instanceof Class)
{
@@ -47,12 +46,15 @@
// we need to deal with all of these possibilities
}
+ // TODO configure resolver chains differently - scan for all beans of type
ResolverChain
+
+ /*
if (targetClass != null)
{
Map<String,String> chains = resolverChains.get(target);
if (chains != null && chains.containsKey(action))
{
- return (ResolverChain) BeanManagerHelper.getInstanceByName(manager,
chains.get(action));
+ return (ResolverChain) BeanManagerHelper.getInstanceByName(manager,
chains.get(action));
}
}
@@ -60,6 +62,7 @@
{
return (ResolverChain)
BeanManagerHelper.getInstanceByName(manager,defaultResolverChain);
}
+ */
return createDefaultResolverChain();
}
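Review bot: With the lookup block commented out, `getResolverChain` returns `createDefaultResolverChain()` for every target and action, so any per-class or per-action chain in `resolverChains` and the `defaultResolverChain` name are silently ignored. `targetClass` is also computed but never read. A deployment that relies on a custom chain to constrain permission resolution would get the default resolvers without warning, so the TODO should say it outright: `// TODO configured resolver chains are currently IGNORED; every check uses the default chain`. When the block is rewritten, note that the disabled code looks up `resolverChains.get(target)` rather than `targetClass`. The method begins in the preceding hunks.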
Modified:
modules/security/trunk/src/main/java/org/jboss/seam/security/permission/PersistentPermissionResolver.java
===================================================================
---
modules/security/trunk/src/main/java/org/jboss/seam/security/permission/PersistentPermissionResolver.java 2010-01-13
08:54:19 UTC (rev 11949)
+++
modules/security/trunk/src/main/java/org/jboss/seam/security/permission/PersistentPermissionResolver.java 2010-01-13
10:35:44 UTC (rev 11950)
@@ -5,15 +5,12 @@
import java.util.List;
import java.util.Set;
-import javax.inject.Inject;
import javax.enterprise.inject.spi.BeanManager;
+import javax.inject.Inject;
-import org.jboss.seam.beans.BeanManagerHelper;
import org.jboss.seam.security.Identity;
import org.jboss.seam.security.Role;
import org.jboss.seam.security.SimplePrincipal;
-import org.jboss.webbeans.log.Log;
-import org.jboss.webbeans.log.Logger;
/**
* Resolves dynamically-assigned permissions, mapped to a user or a role, and kept in
persistent
@@ -24,28 +21,11 @@
public class PersistentPermissionResolver implements PermissionResolver, Serializable
{
private static final long serialVersionUID = -603389172032219059L;
-
- private PermissionStore permissionStore;
- @Logger Log log;
-
@Inject BeanManager manager;
@Inject Identity identity;
@Inject RuleBasedPermissionResolver ruleBasedPermissionResolver;
-
- @Inject
- public void initPermissionStore()
- {
- if (permissionStore == null)
- {
- permissionStore = BeanManagerHelper.getInstanceByType(manager,
JpaPermissionStore.class);
- }
-
- if (permissionStore == null)
- {
- log.warn("no permission store available - please install a PermissionStore
if persistent permissions are required.");
- }
- }
+ @Inject PermissionStore permissionStore;
public PermissionStore getPermissionStore()
{
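Review bot: Replacing the lazy lookup with `@Inject PermissionStore permissionStore;` turns the store from an optional dependency, where a warning was logged when absent, into a mandatory one. Deployment will now fail if no `PermissionStore` bean exists or if more than one is resolvable. If persistent permissions are meant to stay optional, inject `Instance<PermissionStore>` and test `isUnsatisfied()` before use, in line with the `Instance<EntityManager>` introduced in JpaPermissionStore by this commit. Any `permissionStore == null` guards remaining in the class are not visible in this hunk and would need revisiting either way.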
@@ -103,7 +83,7 @@
String username = identity.getPrincipal().getName();
- Iterator iter = targets.iterator();
+ Iterator<?> iter = targets.iterator();
while (iter.hasNext())
{
Object target = iter.next();
Modified:
modules/security/trunk/src/main/java/org/jboss/seam/security/permission/RuleBasedPermissionResolver.java
===================================================================
---
modules/security/trunk/src/main/java/org/jboss/seam/security/permission/RuleBasedPermissionResolver.java 2010-01-13
08:54:19 UTC (rev 11949)
+++
modules/security/trunk/src/main/java/org/jboss/seam/security/permission/RuleBasedPermissionResolver.java 2010-01-13
10:35:44 UTC (rev 11950)
@@ -17,14 +17,14 @@
import org.drools.FactHandle;
import org.drools.RuleBase;
import org.drools.StatefulSession;
-import org.drools.base.ClassObjectFilter;
+import org.drools.ClassObjectFilter;
import org.jboss.seam.drools.SeamGlobalResolver;
import org.jboss.seam.security.Identity;
import org.jboss.seam.security.Role;
import org.jboss.seam.security.events.LoggedOutEvent;
import org.jboss.seam.security.events.PostAuthenticateEvent;
-import org.jboss.webbeans.log.Log;
-import org.jboss.webbeans.log.Logger;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
/**
* A permission resolver that uses a Drools rule base to perform permission checks
@@ -36,7 +36,7 @@
{
private static final long serialVersionUID = -7572627522601793024L;
- @Logger Log log;
+ private Logger log = LoggerFactory.getLogger(RuleBasedPermissionResolver.class);
private StatefulSession securityContext;
@@ -214,7 +214,8 @@
Principal role = (Principal) e.nextElement();
boolean found = false;
- Iterator<Role> iter = getSecurityContext().iterateObjects(new
ClassObjectFilter(Role.class));
+ Iterator<Role> iter = (Iterator<Role>)
getSecurityContext()
+ .iterateObjects(new ClassObjectFilter(Role.class));
while (iter.hasNext())
{
Role r = iter.next();
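Review bot: The `(Iterator<Role>)` cast on `iterateObjects(...)` is unchecked, so it compiles with a warning and defers any type mismatch to `iter.next()`; the same cast is repeated in the following hunk. Either put `@SuppressWarnings("unchecked")` on the narrowest scope with a comment that `ClassObjectFilter(Role.class)` guarantees the element type, or declare `Iterator<?> iter` and cast each element with `Role r = (Role) iter.next();`. The second form matches the `Iterator<?>` change made in PersistentPermissionResolver in this commit.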
@@ -234,7 +235,8 @@
}
}
- Iterator<Role> iter = getSecurityContext().iterateObjects(new
ClassObjectFilter(Role.class));
+ Iterator<Role> iter = (Iterator<Role>) getSecurityContext()
+ .iterateObjects(new ClassObjectFilter(Role.class));
while (iter.hasNext())
{
Role r = iter.next();