[jboss-cvs] jboss-seam/src/main/org/jboss/seam/security ...
Shane Bryzak
Shane_Bryzak at symantec.com
Tue Nov 14 00:24:04 EST 2006
User: sbryzak2
Date: 06/11/14 00:24:04
Modified: src/main/org/jboss/seam/security SeamSecurityManager.java
UsernamePasswordToken.java
Added: src/main/org/jboss/seam/security PermissionHandler.java
Log:
refactored PermissionsMetadata out of SeamSecurityManager
Revision Changes Path
1.14 +29 -114 jboss-seam/src/main/org/jboss/seam/security/SeamSecurityManager.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: SeamSecurityManager.java
===================================================================
RCS file: /cvsroot/jboss/jboss-seam/src/main/org/jboss/seam/security/SeamSecurityManager.java,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -b -r1.13 -r1.14
--- SeamSecurityManager.java 9 Nov 2006 04:18:50 -0000 1.13
+++ SeamSecurityManager.java 14 Nov 2006 05:24:04 -0000 1.14
@@ -1,21 +1,19 @@
package org.jboss.seam.security;
+import static org.jboss.seam.ScopeType.APPLICATION;
+
import java.security.Permissions;
-import java.security.acl.Acl;
import java.security.acl.Permission;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
-import static org.jboss.seam.ScopeType.APPLICATION;
import org.jboss.seam.Component;
import org.jboss.seam.InterceptionType;
import org.jboss.seam.ScopeType;
-import org.jboss.seam.Seam;
import org.jboss.seam.annotations.Intercept;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
-import org.jboss.seam.annotations.security.DefinePermissions;
import org.jboss.seam.contexts.Contexts;
import org.jboss.seam.security.acl.AclProvider;
import org.jboss.seam.security.acl.IdentityGenerator;
@@ -48,35 +46,10 @@
*/
private Map<String,Set<Permission>> rolePermissions = new HashMap<String,Set<Permission>>();
- private class PermissionsMetadata {
- private String name;
- private Map<String,String> providerNames = new HashMap<String,String>();
-
- public PermissionsMetadata(String name)
- {
- this.name = name;
- }
-
- public String getName()
- {
- return name;
- }
-
- public String getProviderName(String action)
- {
- return providerNames.get(action);
- }
-
- public void addProviderName(String action, String providerName)
- {
- providerNames.put(action, providerName);
- }
- }
-
/**
*
*/
- private Map<Class,PermissionsMetadata> classPermissions = new HashMap<Class,PermissionsMetadata>();
+ private Map<Class,PermissionHandler> permissionHandlers = new HashMap<Class,PermissionHandler>();
public static SeamSecurityManager instance()
{
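Review bot: The Javadoc block that precedes the new `permissionHandlers` field is still the empty `/** * */` the old `classPermissions` field carried; it should say what the map is for, e.g. `/** Cache of one PermissionHandler per checked class, populated lazily by getPermissionHandler(). */`. The key is the raw `Class`; `Map<Class<?>,PermissionHandler>` states the intent without affecting callers, since `obj.getClass()` already yields a `Class<?>`. The enclosing class continues on both sides of this hunk.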
@@ -125,54 +98,31 @@
this.securityErrorAction = securityErrorAction;
}
- public void checkPermission(String name, String action)
+ public void checkPermission(String permissionName, String action)
{
- checkPermission(name, action, null, null);
+ checkRolePermissions(permissionName, action);
}
public void checkPermission(Object obj, String action)
{
- PermissionsMetadata meta = getClassPermissionMetadata(obj.getClass());
+ PermissionHandler handler = getPermissionHandler(obj.getClass());
- String providerName = meta.getProviderName(action);
- Object provider = null;
+ String providerName = handler.getProviderName(action);
- if (providerName != null && !"".equals(providerName))
- provider = Component.getInstance(providerName, true);
-
- if (!AclProvider.class.isAssignableFrom(provider.getClass()))
- throw new IllegalStateException(String.format(
- "Provider [%s] not instance of AclProvider", provider.toString()));
-
- checkPermission(meta.getName(), action, obj, (AclProvider) provider);
+ if (handler.supportsAclCheck(action))
+ handler.aclCheck(obj, action);
+ else
+ checkRolePermissions(handler.getPermissionName(), action);
}
/**
- * Checks the permission specified by name and action for an object. If an
- * AclProvider is specified, then only an ACL check will be carried out using
- * the provider. Otherwise, the permissions implied by the roles held by the
- * currently authenticated user will be checked.
*
- * A SecurityException is thrown if the currently authenticated user does not
- * have the necessary permission for the specified object.
- *
- * @param name String The name of the permission
- * @param action String The action
- * @param obj Object The object to be checked
- * @param aclProvider AclProvider ACL Provider for the specified object, or null if no provider
+ * @param permissionName
+ * @param action
*/
- private void checkPermission(String name, String action, Object obj, AclProvider aclProvider)
- {
- Permission required = new SeamPermission(name, action);
-
- if (aclProvider != null)
- {
- Acl acl = aclProvider.getAcls(obj, Authentication.instance());
- if (acl != null && acl.checkPermission(Authentication.instance(), required))
- return;
- }
- else
+ private void checkRolePermissions(String permissionName, String action)
{
+ Permission required = new SeamPermission(permissionName, action);
for (String role : Authentication.instance().getRoles())
{
Set<Permission> permissions = rolePermissions.get(role);
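Review bot: `String providerName = handler.getProviderName(action);` in `checkPermission(Object, String)` is assigned and never read afterwards — the ACL branch delegates to `handler.aclCheck(obj, action)`, which looks the provider up itself — so the line is dead and should be dropped. The removed `Provider [%s] not instance of AclProvider` guard is not reproduced on this side; unless `PermissionHandler` checks the type, a misconfigured provider component will surface as a bare ClassCastException rather than the former IllegalStateException, which is worth confirming. The new `@param permissionName` and `@param action` tags on `checkRolePermissions` are empty; `@param permissionName the permission name resolved for the checked class` and `@param action the action being checked` would complete them. The body of `checkRolePermissions` runs past the end of the hunk.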
@@ -181,57 +131,22 @@
}
}
- throw new SecurityException(String.format(
- "Authenticated principal does not contain required permission %s",
- required));
- }
-
- private PermissionsMetadata getClassPermissionMetadata(Class cls)
- {
- if (!classPermissions.containsKey(cls))
- {
- synchronized(classPermissions)
+ protected PermissionHandler getPermissionHandler(Class cls)
{
- if (!classPermissions.containsKey(cls))
- {
- // Determine the permission name. If it is specified in a @DefinePermissions
- // annotation, use that one, otherwise use the component name. If the object
- // is not a Seam component, use its fully qualified class name.
-
- String name = null;
-
- DefinePermissions def = null;
-
- if (cls.isAnnotationPresent(DefinePermissions.class))
- def = (DefinePermissions) cls.getAnnotation(DefinePermissions.class);
-
- if (def != null && !"".equals(def.name()))
+ if (!permissionHandlers.containsKey(cls))
{
- name = ((DefinePermissions) cls.getAnnotation(DefinePermissions.class)).name();
- }
- else
- name = Seam.getComponentName(cls);
-
- if (name == null)
- name = cls.getName();
-
- PermissionsMetadata meta = new PermissionsMetadata(name);
-
- if (def != null)
+ synchronized(permissionHandlers)
{
- for (org.jboss.seam.annotations.security.AclProvider p : def.permissions())
+ if (!permissionHandlers.containsKey(cls))
{
- meta.addProviderName(p.action(), p.provider());
- }
- }
-
- classPermissions.put(cls, meta);
- return meta;
+ PermissionHandler handler = new PermissionHandler(cls);
+ permissionHandlers.put(cls, handler);
+ return handler;
}
}
}
- return classPermissions.get(cls);
+ return permissionHandlers.get(cls);
}
public Permissions getPermissions(Object value)
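Review bot: `getPermissionHandler` reads `permissionHandlers.containsKey(cls)` outside the lock while another thread may `put` into the same plain `HashMap` inside `synchronized(permissionHandlers)`; HashMap is not safe for a concurrent reader and writer, so this outer check is not a safe double-checked lock (the removed `classPermissions` code had the same shape). The manager appears to be a shared instance (`instance()` above) and a `PermissionHandler` is only built from annotations, so the simplest fix is to make the method `synchronized` with a single get/put, as below; alternatively make the field a `ConcurrentHashMap` and use `putIfAbsent`. The method was also widened from `private` to `protected`; if that is meant as a subclass hook, a Javadoc line saying so would help.

```java
protected synchronized PermissionHandler getPermissionHandler(Class cls)
{
   PermissionHandler handler = permissionHandlers.get(cls);
   if (handler == null)
   {
      handler = new PermissionHandler(cls);
      permissionHandlers.put(cls, handler);
   }
   return handler;
}
```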
1.6 +6 -0 jboss-seam/src/main/org/jboss/seam/security/UsernamePasswordToken.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: UsernamePasswordToken.java
===================================================================
RCS file: /cvsroot/jboss/jboss-seam/src/main/org/jboss/seam/security/UsernamePasswordToken.java,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -b -r1.5 -r1.6
--- UsernamePasswordToken.java 25 Oct 2006 15:14:37 -0000 1.5
+++ UsernamePasswordToken.java 14 Nov 2006 05:24:04 -0000 1.6
@@ -46,4 +46,10 @@
{
return principal;
}
+
+ @Override
+ public String toString()
+ {
+ return String.format("UsernamePasswordToken[%s]", principal.toString());
+ }
}
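Review bot: `principal.toString()` in the new `toString()` throws NullPointerException when `principal` is null; `return String.format("UsernamePasswordToken[%s]", principal);` produces the same text for a non-null principal and prints `null` otherwise. If the token also carries the password, keep it out of this method as the new code already does, since toString output tends to end up in logs and exception messages.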
1.1 date: 2006/11/14 05:24:04; author: sbryzak2; state: Exp;jboss-seam/src/main/org/jboss/seam/security/PermissionHandler.java
Index: PermissionHandler.java
===================================================================
package org.jboss.seam.security;
import java.security.Principal;
import java.security.acl.Acl;
import java.security.acl.Permission;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import org.jboss.seam.Component;
import org.jboss.seam.Seam;
import org.jboss.seam.annotations.security.DefinePermissions;
import org.jboss.seam.security.acl.AclProvider;
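/**
 * Resolves the permission metadata of a single class: the permission name used
 * for role-based checks and, per action, the name of the Seam component that
 * provides ACLs for that action (both taken from {@code @DefinePermissions}
 * where present).
 *
 * Instances are immutable once constructed.
 *
 * @author shane_bryzak
 */
public class PermissionHandler
{
   // Name used for role-based checks: the @DefinePermissions name, else the Seam
   // component name, else the fully qualified class name.
   private final String permissionName;

   // action -> name of the AclProvider component declared for that action;
   // empty when the class declares no ACL providers.
   private final Map<String,String> providers = new HashMap<String,String>();

   /**
    * Reads the {@code @DefinePermissions} annotation of {@code cls} (if any)
    * and derives the permission name and per-action provider names from it.
    *
    * @param cls Class The class whose permission metadata is being resolved
    */
   public PermissionHandler(Class<?> cls)
   {
      // getAnnotation() returns null when the annotation is absent.
      DefinePermissions def = cls.getAnnotation(DefinePermissions.class);

      // Determine the permission name. If it is specified in a @DefinePermissions
      // annotation, use that one, otherwise use the component name. If the object
      // is not a Seam component, use its fully qualified class name.
      String name;
      if (def != null && !"".equals(def.name()))
      {
         name = def.name();
      }
      else
      {
         name = Seam.getComponentName(cls);
      }
      permissionName = (name != null) ? name : cls.getName();

      if (def != null)
      {
         // Fully qualified because org.jboss.seam.security.acl.AclProvider is
         // also imported and the two names would otherwise clash.
         for (org.jboss.seam.annotations.security.AclProvider p : def.permissions())
         {
            providers.put(p.action(), p.provider());
         }
      }
   }

   /**
    * Returns the permission name used for role-based checks of this class.
    *
    * @return String The permission name
    */
   public String getPermissionName()
   {
      return permissionName;
   }

   /**
    * Returns the name of the AclProvider component declared for an action.
    *
    * @param action String The action
    * @return String The provider component name, or null if none is declared
    */
   public String getProviderName(String action)
   {
      return providers.get(action);
   }

   /**
    * Reports whether an ACL provider was declared for the given action.
    *
    * @param action String The action
    * @return boolean true if {@link #aclCheck} can be used for this action
    */
   public boolean supportsAclCheck(String action)
   {
      return providers.containsKey(action);
   }

   /**
    * Performs an ACL permission check against the currently authenticated principal.
    *
    * A SecurityException is thrown if the currently authenticated user does not
    * have the necessary permission for the specified object.
    *
    * @param obj Object The object to be checked
    * @param action String The action
    * @throws IllegalArgumentException if no ACL provider is declared, or resolvable, for the action
    * @throws IllegalStateException if the resolved component is not an AclProvider
    * @throws SecurityException if the principal does not hold the required permission
    */
   public void aclCheck(Object obj, String action)
   {
      String providerName = providers.get(action);
      if (providerName == null)
      {
         throw new IllegalArgumentException("Invalid action specified - no ACL provider found");
      }

      Object component = Component.getInstance(providerName, true);
      if (component == null)
      {
         throw new IllegalArgumentException("Invalid action specified - no ACL provider found");
      }
      // Report a misconfigured provider explicitly rather than as a ClassCastException.
      if (!(component instanceof AclProvider))
      {
         throw new IllegalStateException(String.format(
            "Provider [%s] not instance of AclProvider", component));
      }
      AclProvider provider = (AclProvider) component;

      Principal principal = Authentication.instance();
      Permission required = new SeamPermission(permissionName, action);

      Acl acl = provider.getAcls(obj, principal);
      if (acl != null && acl.checkPermission(principal, required))
      {
         return;
      }

      // NOTE(review): the message embeds obj.toString(); if these messages reach
      // logs, checked objects should keep sensitive fields out of toString().
      throw new SecurityException(String.format(
         "Principal %s failed permission check %s on object [%s].",
         principal, required, obj));
   }
}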