[jboss-cvs] jboss-seam/src/main/org/jboss/seam/security ...

Shane Bryzak Shane_Bryzak at symantec.com
Thu Dec 21 00:32:54 EST 2006 

  User: sbryzak2
  Date: 06/12/21 00:32:54

  Modified:    src/main/org/jboss/seam/security   Identity.java
                        SeamSecurityManager.java
  Log:
  assert Identity into working memory only if it exists
  
  Revision  Changes    Path
  1.5       +66 -55    jboss-seam/src/main/org/jboss/seam/security/Identity.java
  
  (In the diff below, changes in quantity of whitespace are not shown.)
  
  Index: Identity.java
  ===================================================================
  RCS file: /cvsroot/jboss/jboss-seam/src/main/org/jboss/seam/security/Identity.java,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -b -r1.4 -r1.5
  --- Identity.java	13 Dec 2006 05:19:40 -0000	1.4
  +++ Identity.java	21 Dec 2006 05:32:54 -0000	1.5
  @@ -8,6 +8,7 @@
   
   import org.jboss.seam.Component;
   import org.jboss.seam.ScopeType;
  +import org.jboss.seam.Seam;
   import org.jboss.seam.annotations.Install;
   import org.jboss.seam.annotations.Name;
   import org.jboss.seam.annotations.Scope;
  @@ -15,10 +16,11 @@
   
   @Name("org.jboss.seam.security.identity")
   @Scope(SESSION)
  - at Install(precedence=BUILT_IN, dependencies = "org.jboss.seam.securityManager")
  + at Install(precedence = BUILT_IN, dependencies = "org.jboss.seam.securityManager")
   public abstract class Identity implements Principal, Serializable
   {
     protected boolean authenticated;
  +
     protected boolean valid;
   
     public static Identity instance()
  @@ -26,10 +28,10 @@
       if (!Contexts.isSessionContextActive())
          throw new IllegalStateException("No active session context");
   
  -    Identity instance = (Identity) Component.getInstance(
  -        Identity.class, ScopeType.SESSION, true);
  +      Identity instance = (Identity) Component.getInstance(Identity.class,
  +            ScopeType.SESSION, true);
   
  -    if (instance==null)
  +      if (instance == null)
       {
         throw new AuthenticationException(
             "No Identity exists in session scope");
  @@ -38,8 +40,17 @@
       return instance;
     }
   
  +   public static boolean isSet()
  +   {
  +      return Contexts.isSessionContextActive()
  +            && Contexts.getSessionContext().isSet(
  +                  Seam.getComponentName(Identity.class));
  +   }
  +
     public abstract Role[] getRoles();
  +
     public abstract Object getCredentials();
  +
     public abstract Object getPrincipal();
   
     public final boolean isAuthenticated()
  
  
  
  1.30      +25 -16    jboss-seam/src/main/org/jboss/seam/security/SeamSecurityManager.java
  
  (In the diff below, changes in quantity of whitespace are not shown.)
  
  Index: SeamSecurityManager.java
  ===================================================================
  RCS file: /cvsroot/jboss/jboss-seam/src/main/org/jboss/seam/security/SeamSecurityManager.java,v
  retrieving revision 1.29
  retrieving revision 1.30
  diff -u -b -r1.29 -r1.30
  --- SeamSecurityManager.java	21 Dec 2006 02:38:28 -0000	1.29
  +++ SeamSecurityManager.java	21 Dec 2006 05:32:54 -0000	1.30
  @@ -159,7 +159,10 @@
         handles.add(wm.assertObject(check));
   
         for (Object o : args)
  +      {
  +         if (o != null)
            handles.add(wm.assertObject(o));
  +      }
   
         wm.fireAllRules();
   
  @@ -179,26 +182,32 @@
         if (!Contexts.isSessionContextActive())
            throw new IllegalStateException("No active session context found.");
   
  -      Context session = Contexts.getSessionContext();
  +      Identity ident = Identity.isSet() ? Identity.instance() : null;
  +      WorkingMemory wm;
   
  -      if (!session.isSet(SECURITY_CONTEXT_NAME))
  +      if (Contexts.getSessionContext().isSet(SECURITY_CONTEXT_NAME))
  +         wm = (WorkingMemory) Contexts.getSessionContext().get(SECURITY_CONTEXT_NAME);
  +      else         
         {
  -         if (!Identity.instance().isValid())
  -            throw new IllegalStateException(
  -                  "Authenticated Identity is not valid");
  +         if (ident != null && !ident.isValid())
  +            throw new IllegalStateException("Authenticated Identity is not valid");
  +
  +         wm = securityRules.newWorkingMemory();
  +         Contexts.getSessionContext().set(SECURITY_CONTEXT_NAME, wm);
  +      }
   
  -         WorkingMemory wm = securityRules.newWorkingMemory();
  -         wm.assertObject(Identity.instance());
  +      // Assert the identity into the working memory if one exists and it hasn't
  +      // been asserted before
  +      if (ident != null && wm.getObjects(ident.getClass()).size() > 0)
  +      {
  +         wm.assertObject(ident);
   
  -         for (Role r : Identity.instance().getRoles())
  +         for (Role r : ident.getRoles())
               wm.assertObject(r);
   
            /** @todo Assert the Identity's explicit permissions also? */
  -
  -         session.set(SECURITY_CONTEXT_NAME, wm);
  -         return wm;
         }
   
  -      return (WorkingMemory) session.get(SECURITY_CONTEXT_NAME);
  +      return wm;
      }
   }

More information about the jboss-cvs-commits mailing list