Author: shane.bryzak(a)jboss.com
Date: 2008-04-14 00:13:40 -0400 (Mon, 14 Apr 2008)
New Revision: 7931
Added:
trunk/src/main/org/jboss/seam/security/management/BeanProperty.java
Modified:
trunk/src/main/org/jboss/seam/security/management/JpaIdentityStore.java
trunk/src/main/org/jboss/seam/security/permission/dynamic/DynamicPermissionResolver.java
trunk/src/main/org/jboss/seam/security/permission/dynamic/JpaDynamicPermissionStore.java
Log:
minor refactoring, initial configuration work for JpaDynamicPermissionStore
Added: trunk/src/main/org/jboss/seam/security/management/BeanProperty.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/management/BeanProperty.java
(rev 0)
+++ trunk/src/main/org/jboss/seam/security/management/BeanProperty.java 2008-04-14
04:13:40 UTC (rev 7931)
@@ -0,0 +1,173 @@
+package org.jboss.seam.security.management;
+
+import java.lang.annotation.Annotation;
+import java.lang.reflect.Field;
+import java.lang.reflect.Method;
+
+/**
+ * A convenience class for working with an annotated property (either a field or method)
of
+ * a JavaBean class.
+ *
+ * @author Shane Bryzak
+ */
+public class BeanProperty
+{
+ private Field propertyField;
+ private Method propertyGetter;
+ private Method propertySetter;
+ private Annotation annotation;
+ private String name;
+ private Class propertyClass;
+
+ private boolean isFieldProperty;
+
+ private BeanProperty(Field propertyField, Annotation annotation)
+ {
+ this.propertyField = propertyField;
+ isFieldProperty = true;
+ this.annotation = annotation;
+ this.name = propertyField.getName();
+ this.propertyClass = propertyField.getDeclaringClass();
+ }
+
+ private BeanProperty(Method propertyMethod, Annotation annotation)
+ {
+ if (!(propertyMethod.getName().startsWith("get") ||
(propertyMethod.getName().startsWith("is"))))
+ {
+ throw new IllegalArgumentException("Bean property method name " +
propertyMethod.getClass().getName() +
+ "." + propertyMethod.getName() + "() must start with
\"get\" or \"is\".");
+ }
+
+ if (propertyMethod.getReturnType().equals(void.class) ||
propertyMethod.getParameterTypes().length > 0)
+ {
+ throw new IllegalArgumentException("Bean property method " +
propertyMethod.getClass().getName() +
+ "." + propertyMethod.getName() + "() must return a value
and take no parameters");
+ }
+
+ this.propertyGetter = propertyMethod;
+ this.propertyClass = propertyMethod.getReturnType();
+
+ String methodName = propertyMethod.getName();
+
+ this.name = methodName.startsWith("get") ?
+ (methodName.substring(3,4).toLowerCase() + methodName.substring(4)) :
+ (methodName.substring(2,3).toLowerCase() + methodName.substring(3));
+
+ String setterName = propertyMethod.getName().startsWith("get") ?
+ ("set" + methodName.substring(3)) : ("set" +
methodName.substring(2));
+
+ try
+ {
+ propertySetter = propertyMethod.getDeclaringClass().getMethod(setterName, new
Class[] {propertyMethod.getReturnType()});
+ }
+ catch (NoSuchMethodException ex)
+ {
+ throw new IllegalArgumentException("Bean property method " +
propertyMethod.getClass().getName() +
+ "." + propertyMethod.getName() + "() must have a
corresponding setter method.");
+ }
+
+ isFieldProperty = false;
+ this.annotation = annotation;
+ }
+
+ public void setValue(Object bean, Object value)
+ {
+ if (isFieldProperty)
+ {
+ boolean accessible = propertyField.isAccessible();
+ try
+ {
+ propertyField.setAccessible(true);
+ propertyField.set(bean, value);
+ }
+ catch (IllegalAccessException ex)
+ {
+ throw new RuntimeException("Exception setting bean property", ex);
+ }
+ finally
+ {
+ propertyField.setAccessible(accessible);
+ }
+ }
+ else
+ {
+ try
+ {
+ propertySetter.invoke(bean, value);
+ }
+ catch (Exception ex)
+ {
+ throw new RuntimeException("Exception setting bean property", ex);
+ }
+ }
+ }
+
+ public Object getValue(Object bean)
+ {
+ if (isFieldProperty)
+ {
+ boolean accessible = propertyField.isAccessible();
+ try
+ {
+ propertyField.setAccessible(true);
+ return propertyField.get(bean);
+ }
+ catch (IllegalAccessException ex)
+ {
+ throw new RuntimeException("Exception getting bean property", ex);
+ }
+ finally
+ {
+ propertyField.setAccessible(accessible);
+ }
+ }
+ else
+ {
+ try
+ {
+ return propertyGetter.invoke(bean);
+ }
+ catch (Exception ex)
+ {
+ throw new RuntimeException("Exception getting bean property", ex);
+ }
+ }
+ }
+
+ public Annotation getAnnotation()
+ {
+ return annotation;
+ }
+
+ public String getName()
+ {
+ return name;
+ }
+
+ public Class getPropertyClass()
+ {
+ return propertyClass;
+ }
+
+
+ public static BeanProperty scanForProperty(Class cls, Class<? extends
Annotation> annotation)
+ {
+ for (Field f : cls.getFields())
+ {
+ if (f.isAnnotationPresent(annotation))
+ {
+ return new BeanProperty(f, f.getAnnotation(annotation));
+ }
+ }
+
+ for (Method m : cls.getMethods())
+ {
+ if (m.isAnnotationPresent(annotation))
+ {
+ return new BeanProperty(m, m.getAnnotation(annotation));
+ }
+ }
+
+ return null;
+ }
+}
\ No newline at end of file
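Review bot: The field constructor sets `propertyClass` to `propertyField.getDeclaringClass()`, so `getPropertyClass()` returns the bean class for field properties but the property type for getter properties; `this.propertyClass = propertyField.getType();` would make the two constructors agree. The three exception messages in the method constructor call `propertyMethod.getClass().getName()`, which always prints `java.lang.reflect.Method`; `propertyMethod.getDeclaringClass().getName()` names the offending bean. `scanForProperty` walks `cls.getFields()`, which returns public fields only, so an annotation on a private field is silently missed and the method returns null. It also lacks a Javadoc comment saying that null means "annotation not found" and that the first match wins.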
Modified: trunk/src/main/org/jboss/seam/security/management/JpaIdentityStore.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/management/JpaIdentityStore.java 2008-04-14
04:11:00 UTC (rev 7930)
+++ trunk/src/main/org/jboss/seam/security/management/JpaIdentityStore.java 2008-04-14
04:13:40 UTC (rev 7931)
@@ -4,9 +4,6 @@
import static org.jboss.seam.annotations.Install.BUILT_IN;
import java.io.Serializable;
-import java.lang.annotation.Annotation;
-import java.lang.reflect.Field;
-import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
@@ -62,148 +59,8 @@
private ValueExpression<EntityManager> entityManager;
private Class userClass;
- private Class roleClass;
+ private Class roleClass;
- protected final class BeanProperty
- {
- private Field propertyField;
- private Method propertyGetter;
- private Method propertySetter;
- private Annotation annotation;
- private String name;
- private Class propertyClass;
-
- private boolean isFieldProperty;
-
- public BeanProperty(Field propertyField, Annotation annotation)
- {
- this.propertyField = propertyField;
- isFieldProperty = true;
- this.annotation = annotation;
- this.name = propertyField.getName();
- this.propertyClass = propertyField.getDeclaringClass();
- }
-
- public BeanProperty(Method propertyMethod, Annotation annotation)
- {
- if (!(propertyMethod.getName().startsWith("get") ||
(propertyMethod.getName().startsWith("is"))))
- {
- throw new IllegalArgumentException("Bean property method name " +
propertyMethod.getClass().getName() +
- "." + propertyMethod.getName() + "() must start with
\"get\" or \"is\".");
- }
-
- if (propertyMethod.getReturnType().equals(void.class) ||
propertyMethod.getParameterTypes().length > 0)
- {
- throw new IllegalArgumentException("Bean property method " +
propertyMethod.getClass().getName() +
- "." + propertyMethod.getName() + "() must return a value
and take no parameters");
- }
-
- this.propertyGetter = propertyMethod;
- this.propertyClass = propertyMethod.getReturnType();
-
- String methodName = propertyMethod.getName();
-
- this.name = methodName.startsWith("get") ?
- (methodName.substring(3,4).toLowerCase() + methodName.substring(4)) :
- (methodName.substring(2,3).toLowerCase() + methodName.substring(3));
-
- String setterName = propertyMethod.getName().startsWith("get") ?
- ("set" + methodName.substring(3)) : ("set" +
methodName.substring(2));
-
- try
- {
- propertySetter = propertyMethod.getDeclaringClass().getMethod(setterName, new
Class[] {propertyMethod.getReturnType()});
- }
- catch (NoSuchMethodException ex)
- {
- throw new IllegalArgumentException("Bean property method " +
propertyMethod.getClass().getName() +
- "." + propertyMethod.getName() + "() must have a
corresponding setter method.");
- }
-
- isFieldProperty = false;
- this.annotation = annotation;
- }
-
- public void setValue(Object bean, Object value)
- {
- if (isFieldProperty)
- {
- boolean accessible = propertyField.isAccessible();
- try
- {
- propertyField.setAccessible(true);
- propertyField.set(bean, value);
- }
- catch (IllegalAccessException ex)
- {
- throw new RuntimeException("Exception setting bean property",
ex);
- }
- finally
- {
- propertyField.setAccessible(accessible);
- }
- }
- else
- {
- try
- {
- propertySetter.invoke(bean, value);
- }
- catch (Exception ex)
- {
- throw new RuntimeException("Exception setting bean property",
ex);
- }
- }
- }
-
- public Object getValue(Object bean)
- {
- if (isFieldProperty)
- {
- boolean accessible = propertyField.isAccessible();
- try
- {
- propertyField.setAccessible(true);
- return propertyField.get(bean);
- }
- catch (IllegalAccessException ex)
- {
- throw new RuntimeException("Exception getting bean property",
ex);
- }
- finally
- {
- propertyField.setAccessible(accessible);
- }
- }
- else
- {
- try
- {
- return propertyGetter.invoke(bean);
- }
- catch (Exception ex)
- {
- throw new RuntimeException("Exception getting bean property",
ex);
- }
- }
- }
-
- public Annotation getAnnotation()
- {
- return annotation;
- }
-
- public String getName()
- {
- return name;
- }
-
- public Class getPropertyClass()
- {
- return propertyClass;
- }
- }
-
private BeanProperty userPrincipalProperty;
private BeanProperty userPasswordProperty;
private BeanProperty userRolesProperty;
@@ -259,15 +116,15 @@
private void initProperties()
{
- userPrincipalProperty = scanForProperty(userClass, UserPrincipal.class);
- userPasswordProperty = scanForProperty(userClass, UserPassword.class);
- userRolesProperty = scanForProperty(userClass, UserRoles.class);
- userEnabledProperty = scanForProperty(userClass, UserEnabled.class);
- userFirstNameProperty = scanForProperty(userClass, UserFirstName.class);
- userLastNameProperty = scanForProperty(userClass, UserLastName.class);
+ userPrincipalProperty = BeanProperty.scanForProperty(userClass,
UserPrincipal.class);
+ userPasswordProperty = BeanProperty.scanForProperty(userClass,
UserPassword.class);
+ userRolesProperty = BeanProperty.scanForProperty(userClass, UserRoles.class);
+ userEnabledProperty = BeanProperty.scanForProperty(userClass, UserEnabled.class);
+ userFirstNameProperty = BeanProperty.scanForProperty(userClass,
UserFirstName.class);
+ userLastNameProperty = BeanProperty.scanForProperty(userClass,
UserLastName.class);
- roleNameProperty = scanForProperty(roleClass, RoleName.class);
- roleGroupsProperty = scanForProperty(roleClass, RoleGroups.class);
+ roleNameProperty = BeanProperty.scanForProperty(roleClass, RoleName.class);
+ roleGroupsProperty = BeanProperty.scanForProperty(roleClass, RoleGroups.class);
if (userPrincipalProperty == null)
{
@@ -294,27 +151,6 @@
}
}
- private BeanProperty scanForProperty(Class cls, Class<? extends Annotation>
annotation)
- {
- for (Field f : cls.getFields())
- {
- if (f.isAnnotationPresent(annotation))
- {
- return new BeanProperty(f, f.getAnnotation(annotation));
- }
- }
-
- for (Method m : cls.getMethods())
- {
- if (m.isAnnotationPresent(annotation))
- {
- return new BeanProperty(m, m.getAnnotation(annotation));
- }
- }
-
- return null;
- }
-
public boolean createUser(String username, String password, String firstname, String
lastname)
{
try
Modified:
trunk/src/main/org/jboss/seam/security/permission/dynamic/DynamicPermissionResolver.java
===================================================================
---
trunk/src/main/org/jboss/seam/security/permission/dynamic/DynamicPermissionResolver.java 2008-04-14
04:11:00 UTC (rev 7930)
+++
trunk/src/main/org/jboss/seam/security/permission/dynamic/DynamicPermissionResolver.java 2008-04-14
04:13:40 UTC (rev 7931)
@@ -34,7 +34,7 @@
@Startup
public class DynamicPermissionResolver implements PermissionResolver, Serializable
{
- private static final String DEFAULT_PERMISSION_STORE_NAME =
"accountPermissionStore";
+ private static final String DEFAULT_PERMISSION_STORE_NAME =
"jpaDynamicPermissionStore";
private PermissionStore permissionStore;
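Review bot: The new default `"jpaDynamicPermissionStore"` does not match the component name given to the store in this same commit, `@Name("org.jboss.seam.security.permission.jpaDynamicPermissionStore")`. The lookup that consumes `DEFAULT_PERMISSION_STORE_NAME` is outside this hunk, so whether the short name resolves (for example through a namespace import) cannot be confirmed from here. If it does not, the resolver would start without a store, and for a permission resolver that state should be logged and should deny explicitly. Consider using the fully qualified name in the constant, or add a comment stating which import makes the short name valid.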
@@ -90,7 +90,7 @@
for (Permission permission : permissions)
{
- if (username.equals(permission.getRecipient()))
+ if (username.equals(permission.getRecipient().getName()))
{
return true;
}
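Review bot: `permission.getRecipient().getName()` now dereferences the recipient, so a stored permission with no recipient makes the check throw a NullPointerException, where the old `username.equals(permission.getRecipient())` simply evaluated to false. A guard keeps the loop deny-by-default for malformed rows: `if (permission.getRecipient() != null && username.equals(permission.getRecipient().getName()))`. The enclosing method and the declaration of `username` are outside this hunk, so whether `username` itself can be null here should also be confirmed.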
Modified:
trunk/src/main/org/jboss/seam/security/permission/dynamic/JpaDynamicPermissionStore.java
===================================================================
---
trunk/src/main/org/jboss/seam/security/permission/dynamic/JpaDynamicPermissionStore.java 2008-04-14
04:11:00 UTC (rev 7930)
+++
trunk/src/main/org/jboss/seam/security/permission/dynamic/JpaDynamicPermissionStore.java 2008-04-14
04:13:40 UTC (rev 7931)
@@ -1,6 +1,7 @@
package org.jboss.seam.security.permission.dynamic;
import static org.jboss.seam.ScopeType.APPLICATION;
+import static org.jboss.seam.annotations.Install.BUILT_IN;
import java.io.Serializable;
import java.util.List;
@@ -8,9 +9,22 @@
import javax.persistence.EntityManager;
import javax.persistence.NoResultException;
-import org.jboss.seam.Component;
+import org.jboss.seam.annotations.Create;
+import org.jboss.seam.annotations.Install;
+import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.annotations.intercept.BypassInterceptors;
+import org.jboss.seam.annotations.security.permission.PermissionAction;
+import org.jboss.seam.annotations.security.permission.PermissionDiscriminator;
+import org.jboss.seam.annotations.security.permission.PermissionRole;
+import org.jboss.seam.annotations.security.permission.PermissionTarget;
+import org.jboss.seam.annotations.security.permission.PermissionUser;
+import org.jboss.seam.core.Expressions;
+import org.jboss.seam.core.Expressions.ValueExpression;
+import org.jboss.seam.log.LogProvider;
+import org.jboss.seam.log.Logging;
+import org.jboss.seam.security.management.BeanProperty;
+import org.jboss.seam.security.management.IdentityManagementException;
import org.jboss.seam.security.permission.Permission;
import org.jboss.seam.security.permission.PermissionStore;
@@ -19,29 +33,94 @@
*
* @author Shane Bryzak
*/
+(a)Name("org.jboss.seam.security.permission.jpaDynamicPermissionStore")
+@Install(precedence = BUILT_IN, value=false)
@Scope(APPLICATION)
@BypassInterceptors
public class JpaDynamicPermissionStore implements PermissionStore, Serializable
{
- private String entityManagerName = "entityManager";
+ private static final LogProvider log =
Logging.getLogProvider(JpaDynamicPermissionStore.class);
- private Class permissionClass;
+ private ValueExpression<EntityManager> entityManager;
+ private Class userPermissionClass;
+ private Class rolePermissionClass;
+
+ private BeanProperty userProperty;
+ private BeanProperty roleProperty;
+
+ private BeanProperty targetProperty;
+ private BeanProperty actionProperty;
+ private BeanProperty discriminatorProperty;
+
+ private BeanProperty roleTargetProperty;
+ private BeanProperty roleActionProperty;
+
+ @Create
+ public void init()
+ {
+ if (userPermissionClass == null)
+ {
+ log.debug("No permissionClass set, JpaDynamicPermissionStore will be
unavailable.");
+ return;
+ }
+
+ if (entityManager == null)
+ {
+ entityManager =
Expressions.instance().createValueExpression("#{entityManager}",
EntityManager.class);
+ }
+
+ initProperties();
+ }
+
+ private void initProperties()
+ {
+ userProperty = BeanProperty.scanForProperty(userPermissionClass,
PermissionUser.class);
+ targetProperty = BeanProperty.scanForProperty(userPermissionClass,
PermissionTarget.class);
+ actionProperty = BeanProperty.scanForProperty(userPermissionClass,
PermissionAction.class);
+
+ if (rolePermissionClass != null)
+ {
+ roleProperty = BeanProperty.scanForProperty(rolePermissionClass,
PermissionRole.class);
+ if (roleProperty != null)
+ {
+ roleTargetProperty = BeanProperty.scanForProperty(rolePermissionClass,
PermissionTarget.class);
+ roleActionProperty = BeanProperty.scanForProperty(rolePermissionClass,
PermissionAction.class);
+ }
+ }
+ else
+ {
+ roleProperty = BeanProperty.scanForProperty(userPermissionClass,
PermissionRole.class);
+ if (roleProperty != null)
+ {
+ discriminatorProperty = BeanProperty.scanForProperty(userPermissionClass,
PermissionDiscriminator.class);
+ }
+ }
+
+ if (userProperty == null)
+ {
+ throw new IdentityManagementException("Invalid userPermissionClass " +
userPermissionClass.getName() +
+ " - required annotation @PermissionUser not found on any Field or
Method.");
+ }
+
+ // TODO additional validation checks for both permission classes
+ }
+
public boolean grantPermission(Permission permission)
{
try
{
- if (permissionClass == null)
+ if (userPermissionClass == null)
{
throw new RuntimeException("Could not grant permission, permissionClass
not set");
}
- Object instance = permissionClass.newInstance();
+ Object instance = userPermissionClass.newInstance();
// instance.setTarget(permission.getTarget());
// instance.setAction(permission.getAction());
// instance.setAccount(permission.getRecipient());
- getEntityManager().persist(instance);
+ lookupEntityManager().persist(instance);
return true;
}
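Review bot: When `userPermissionClass` is unset, `init()` returns before `entityManager` is defaulted and before `initProperties()` runs, but the component remains installed. Of the methods visible in this commit only `grantPermission` guards that state, so the `listPermissions` overloads in the later hunks would fail with a NullPointerException rather than a clear configuration error. A shared check such as `if (userPermissionClass == null) throw new IllegalStateException("userPermissionClass not set");` at the top of each store method would make the failure explicit. The debug message in `init()` and the exception text in `grantPermission` still say `permissionClass`, which no longer matches the renamed property. Until the TODO is done, `initProperties()` validates only `@PermissionUser`, so a class missing `@PermissionTarget` or `@PermissionAction` is accepted with null `targetProperty`/`actionProperty`.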
@@ -55,10 +134,10 @@
{
try
{
- EntityManager em = getEntityManager();
+ EntityManager em = lookupEntityManager();
Object instance = em.createQuery(
- "from " + permissionClass.getName() +
+ "from " + userPermissionClass.getName() +
" where target = :target and action = :action and account = :account
" +
" and accountType = :accountType")
.setParameter("target", permission.getTarget())
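Review bot: The query text still hard-codes the attribute names `target`, `action`, `account` and `accountType`, although this commit introduces annotation-driven discovery of those properties, so an entity whose annotated members have other names passes `init()` and then fails at query time. The same applies to both `listPermissions` hunks below. When the names are switched to `targetProperty.getName()` and the like, keep the values bound through `setParameter` as they are now. A comment should note that the concatenated class and property names come from deployment configuration and reflection, never from request data. The enclosing method starts and ends outside this hunk.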
@@ -77,8 +156,8 @@
public List<Permission> listPermissions(Object target, String action)
{
- return getEntityManager().createQuery(
- "from " + permissionClass.getName() +
+ return lookupEntityManager().createQuery(
+ "from " + userPermissionClass.getName() +
" where target = :target and action = :action")
.setParameter("target", target)
.setParameter("action", action)
@@ -87,34 +166,44 @@
public List<Permission> listPermissions(Object target)
{
- return getEntityManager().createQuery(
- "from " + permissionClass.getName() + " where target =
:target")
+ return lookupEntityManager().createQuery(
+ "from " + userPermissionClass.getName() + " where target =
:target")
.setParameter("target", target)
.getResultList();
}
- private EntityManager getEntityManager()
+ private EntityManager lookupEntityManager()
{
- return (EntityManager) Component.getInstance(entityManagerName);
+ return entityManager.getValue();
}
- public String getEntityManagerName()
+ public ValueExpression getEntityManager()
{
- return entityManagerName;
+ return entityManager;
}
- public void setEntityManagerName(String name)
+ public void setEntityManager(ValueExpression expression)
{
- this.entityManagerName = name;
- }
+ this.entityManager = expression;
+ }
- public Class getPermissionClass()
+ public Class getUserPermissionClass()
{
- return permissionClass;
+ return userPermissionClass;
}
- public void setPermissionClass(Class permissionClass)
+ public void setUserPermissionClass(Class userPermissionClass)
{
- this.permissionClass = permissionClass;
+ this.userPermissionClass = userPermissionClass;
}
+
+ public Class getRolePermissionClass()
+ {
+ return rolePermissionClass;
+ }
+
+ public void setRolePermissionClass(Class rolePermissionClass)
+ {
+ this.rolePermissionClass = rolePermissionClass;
+ }
}
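Review bot: `getEntityManager()` and `setEntityManager(ValueExpression expression)` use the raw `ValueExpression` type while the field is `ValueExpression<EntityManager>`, so the setter performs an unchecked assignment. An expression of the wrong type would then only surface as a ClassCastException in `lookupEntityManager()`. Declaring them as `public ValueExpression<EntityManager> getEntityManager()` and `public void setEntityManager(ValueExpression<EntityManager> expression)` keeps the check at compile time. The new `userPermissionClass` and `rolePermissionClass` accessors would benefit from a short Javadoc comment stating which annotations each configured class is expected to carry.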