[jboss-cvs] jboss-seam/src/main/org/jboss/seam/interceptors ...
Shane Bryzak
Shane_Bryzak at symantec.com
Mon Oct 9 19:27:27 EDT 2006
User: sbryzak2
Date: 06/10/09 19:27:27
Modified: src/main/org/jboss/seam/interceptors
SecurityInterceptor.java
Log:
Role-based domain security
Revision Changes Path
1.2 +58 -1 jboss-seam/src/main/org/jboss/seam/interceptors/SecurityInterceptor.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: SecurityInterceptor.java
===================================================================
RCS file: /cvsroot/jboss/jboss-seam/src/main/org/jboss/seam/interceptors/SecurityInterceptor.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -b -r1.1 -r1.2
--- SecurityInterceptor.java 9 Oct 2006 00:50:32 -0000 1.1
+++ SecurityInterceptor.java 9 Oct 2006 23:27:27 -0000 1.2
@@ -7,6 +7,9 @@
import org.jboss.seam.Component;
import org.jboss.seam.annotations.Interceptor;
import org.jboss.seam.annotations.Secure;
+import org.jboss.seam.security.SeamSecurityManager;
+import org.jboss.seam.security.Authentication;
+import org.jboss.seam.security.AuthenticationException;
/**
* Provides authorization services for component invocations.
@@ -40,7 +43,61 @@
{
Method method = invocation.getMethod();
- /** @todo Authorize the user before invoking the method. For now, just go ahead */
+ Secure sec = null;
+ if (method.isAnnotationPresent(Secure.class))
+ sec = method.getAnnotation(Secure.class);
+ else if (method.getDeclaringClass().isAnnotationPresent(Secure.class))
+ sec = method.getDeclaringClass().getAnnotation(Secure.class);
+
+ if (sec != null)
+ {
+ boolean redirectToLogin = false;
+ Authentication auth = null;
+
+ try
+ {
+ auth = Authentication.instance();
+ if (!auth.isValid())
+ redirectToLogin = true;
+ }
+ catch (AuthenticationException ex)
+ {
+ if (String.class.equals(method.getReturnType()))
+ redirectToLogin = true;
+ else
+ throw ex;
+ }
+
+ if (redirectToLogin)
+ {
+ // return SeamSecurityManager.instance().getConfiguration().getLoginAction();
+ /** @todo Get this action from the security config */
+ return "login";
+ }
+
+ // If roles() are specified check them first
+ if (sec.roles().length > 0)
+ {
+ for (String role : sec.roles())
+ {
+ if (auth.isUserInRole(role))
+ return invocation.proceed();
+ }
+ }
+
+ // No roles matched, check permissions
+ if (sec.permissions().length > 0)
+ {
+// SeamSecurityManager.instance().checkAcls();
+ }
+
+ // Authorization has failed.. redirect the user to an error page
+ if (sec.onfail() != null && !"".equals(sec.onfail()))
+ return sec.onfail();
+
+ /** @todo Get this action from the security config */
+ return "error";
+ }
return invocation.proceed();
}
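Review bot: The `return "login"` at the redirectToLogin block, and likewise `return sec.onfail()` and `return "error"` further down, hand a String outcome back from an interceptor regardless of the intercepted method's return type; the String.class check guards only the catch path, so a non-String method whose Authentication is merely invalid gets a ClassCastException in the caller instead of a clean denial. I would fail closed explicitly: `if (!String.class.equals(method.getReturnType())) throw new AuthenticationException(/* constructor as the class provides */);` ahead of each String-outcome return, or hoist that check to the start of the `if (sec != null)` block. The permissions branch is currently a no-op (its call is commented out), so a `@Secure` method that lists only permissions is denied for every authenticated user — fail-closed, but worth stating in the `// No roles matched` comment so it is not read as a working check. The enclosing method's signature lies outside this hunk.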