[jboss-cvs] jboss-seam/src/main/org/jboss/seam/security ...

Shane Bryzak Shane_Bryzak at symantec.com
Thu Oct 19 21:00:31 EDT 2006


  User: sbryzak2
  Date: 06/10/19 21:00:31

  Modified:    src/main/org/jboss/seam/security  SeamSecurityManager.java
  Log:
  modified permission check logic
  
  Revision  Changes    Path
  1.9       +25 -12    jboss-seam/src/main/org/jboss/seam/security/SeamSecurityManager.java
  
  (In the diff below, changes in quantity of whitespace are not shown.)
  
  Index: SeamSecurityManager.java
  ===================================================================
  RCS file: /cvsroot/jboss/jboss-seam/src/main/org/jboss/seam/security/SeamSecurityManager.java,v
  retrieving revision 1.8
  retrieving revision 1.9
  diff -u -b -r1.8 -r1.9
  --- SeamSecurityManager.java	19 Oct 2006 05:30:28 -0000	1.8
  +++ SeamSecurityManager.java	20 Oct 2006 01:00:31 -0000	1.9
  @@ -133,24 +133,37 @@
       checkPermission(meta.getName(), action, obj, (AclProvider) provider);
     }
   
  +  /**
  +   * Checks the permission specified by name and action for an object.  If an
  +   * AclProvider is specified, then only an ACL check will be carried out using
  +   * the provider.  Otherwise, the permissions implied by the roles held by the
  +   * currently authenticated user will be checked.
  +   *
  +   * A SecurityException is thrown if the currently authenticated user does not
  +   * have the necessary permission for the specified object.
  +   *
  +   * @param name String The name of the permission
  +   * @param action String The action
  +   * @param obj Object The object to be checked
  +   * @param aclProvider AclProvider ACL Provider for the specified object, or null if no provider
  +   */
     private void checkPermission(String name, String action, Object obj, AclProvider aclProvider)
     {
       Permission required = new SeamPermission(name, action);
   
  -    for (String role : Authentication.instance().getRoles())
  -    {
  -      Set<Permission> permissions = rolePermissions.get(role);
  -      if (permissions != null)
  +    if (aclProvider != null)
         {
  -        if (permissions.contains(required))
  -        {
  -          if (aclProvider == null)
  -            return;
  -
             Acl acl = aclProvider.getAcls(obj, Authentication.instance());
  -          if (acl.checkPermission(Authentication.instance(), new SeamPermission(name, action)))
  +      if (acl != null && acl.checkPermission(Authentication.instance(), required))
               return;
           }
  +    else
  +    {
  +      for (String role : Authentication.instance().getRoles())
  +      {
  +        Set<Permission> permissions = rolePermissions.get(role);
  +        if (permissions != null && permissions.contains(required))
  +          return;
         }
       }
   
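Review bot: With a non-null aclProvider, the new `if (aclProvider != null)` branch never consults rolePermissions, whereas the removed code required a matching role permission before it ran the ACL check, so an ACL entry alone now authorizes the action. The added Javadoc says this is intended, but it widens access for any caller that relied on both checks, so it deserves an explicit line in the log message and a test for a user who has an ACL grant but no role grant. The Javadoc should also declare `@throws SecurityException if the current user lacks the permission`. The method body continues past the hunk, so the denial path is not visible here; presumably the fall-through, including the new `acl == null` case, reaches the throw and fails closed. In the ACL branch, Authentication.instance() is looked up twice; a single `Authentication auth = Authentication.instance();` would guarantee that getAcls and acl.checkPermission evaluate the same identity.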
  
  
  


