[jboss-cvs] jboss-seam/src/main/org/jboss/seam/interceptors ...

Shane Bryzak Shane_Bryzak at symantec.com
Mon Oct 9 19:27:27 EDT 2006


  User: sbryzak2
  Date: 06/10/09 19:27:27

  Modified:    src/main/org/jboss/seam/interceptors 
                        SecurityInterceptor.java
  Log:
  Role-based domain security
  
  Revision  Changes    Path
  1.2       +58 -1     jboss-seam/src/main/org/jboss/seam/interceptors/SecurityInterceptor.java
  
  (In the diff below, changes in quantity of whitespace are not shown.)
  
  Index: SecurityInterceptor.java
  ===================================================================
  RCS file: /cvsroot/jboss/jboss-seam/src/main/org/jboss/seam/interceptors/SecurityInterceptor.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -b -r1.1 -r1.2
  --- SecurityInterceptor.java	9 Oct 2006 00:50:32 -0000	1.1
  +++ SecurityInterceptor.java	9 Oct 2006 23:27:27 -0000	1.2
  @@ -7,6 +7,9 @@
   import org.jboss.seam.Component;
   import org.jboss.seam.annotations.Interceptor;
   import org.jboss.seam.annotations.Secure;
  +import org.jboss.seam.security.SeamSecurityManager;
  +import org.jboss.seam.security.Authentication;
  +import org.jboss.seam.security.AuthenticationException;
   
   /**
    * Provides authorization services for component invocations.
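Review bot: The added `import org.jboss.seam.security.SeamSecurityManager;` is unused in this revision, since the only references to `SeamSecurityManager` among the added lines are in the two commented-out calls in the second hunk. Drop the import until the configuration lookup and ACL check are actually wired in, or mark it with a comment such as `// used once the login action comes from the security config`.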
  @@ -40,7 +43,61 @@
     {
       Method method = invocation.getMethod();
   
  -    /** @todo Authorize the user before invoking the method.  For now, just go ahead */
  +    Secure sec = null;
  +    if (method.isAnnotationPresent(Secure.class))
  +      sec = method.getAnnotation(Secure.class);
  +    else if (method.getDeclaringClass().isAnnotationPresent(Secure.class))
  +      sec = method.getDeclaringClass().getAnnotation(Secure.class);
  +
  +    if (sec != null)
  +    {
  +      boolean redirectToLogin = false;
  +      Authentication auth = null;
  +
  +      try
  +      {
  +        auth = Authentication.instance();
  +        if (!auth.isValid())
  +          redirectToLogin = true;
  +      }
  +      catch (AuthenticationException ex)
  +      {
  +        if (String.class.equals(method.getReturnType()))
  +          redirectToLogin = true;
  +        else
  +          throw ex;
  +      }
  +
  +      if (redirectToLogin)
  +      {
  +        //          return SeamSecurityManager.instance().getConfiguration().getLoginAction();
  +                  /** @todo Get this action from the security config */
  +          return "login";
  +      }
  +
  +      // If roles() are specified check them first
  +      if (sec.roles().length > 0)
  +      {
  +        for (String role : sec.roles())
  +        {
  +          if (auth.isUserInRole(role))
  +            return invocation.proceed();
  +        }
  +      }
  +
  +      // No roles matched, check permissions
  +      if (sec.permissions().length > 0)
  +      {
  +//        SeamSecurityManager.instance().checkAcls();
  +      }
  +
  +      // Authorization has failed.. redirect the user to an error page
  +      if (sec.onfail() != null && !"".equals(sec.onfail()))
  +        return sec.onfail();
  +
  +      /** @todo Get this action from the security config */
  +      return "error";
  +    }
   
       return invocation.proceed();
     }
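Review bot: The class-level fallback reads `@Secure` from `method.getDeclaringClass()`, so a method that a `@Secure` component inherits from an unannotated superclass yields `sec == null` and falls through to the final `invocation.proceed()` with no check at all; the lookup should use the intercepted component's own class, unless such cases are covered elsewhere, which the hunk does not show. The denial paths also return a String outcome (`"login"`, `sec.onfail()`, `"error"`) without the `String.class.equals(method.getReturnType())` test that only the `catch` branch applies, so a denied call to a non-String method hands the caller a value of the wrong type instead of an exception. A `@Secure` with neither `roles()` nor `permissions()` ends at `"error"` even for a valid authentication, and the permissions branch is an empty stub; both fail closed, but a comment such as `// permissions are not evaluated yet: a permission-only @Secure always denies` would make that explicit. The enclosing method begins above the hunk, so its signature and declared exceptions are not visible here.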
  
  
  


