[jboss-cvs] jboss-seam/src/main/org/jboss/seam/security/management ...
Shane Bryzak
sbryzak at redhat.com
Sun Dec 9 20:58:48 EST 2007
User: sbryzak2
Date: 07/12/09 20:58:47
Modified: src/main/org/jboss/seam/security/management
IdentityManager.java IdentityStore.java
JpaIdentityStore.java UserAccount.java
Added: src/main/org/jboss/seam/security/management
IdentityManagementException.java
Removed: src/main/org/jboss/seam/security/management
CreateAccountException.java
Log:
identity management
Revision Changes Path
1.2 +32 -0 jboss-seam/src/main/org/jboss/seam/security/management/IdentityManager.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: IdentityManager.java
===================================================================
RCS file: /cvsroot/jboss/jboss-seam/src/main/org/jboss/seam/security/management/IdentityManager.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -b -r1.1 -r1.2
--- IdentityManager.java 5 Dec 2007 07:16:19 -0000 1.1
+++ IdentityManager.java 10 Dec 2007 01:58:47 -0000 1.2
@@ -3,6 +3,8 @@
import static org.jboss.seam.ScopeType.APPLICATION;
import static org.jboss.seam.annotations.Install.BUILT_IN;
+import java.util.List;
+
import org.jboss.seam.Component;
import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.Create;
@@ -72,6 +74,36 @@
return identityStore.createAccount(username, password);
}
+ public boolean grantRole(String name, String role)
+ {
+ return identityStore.grantRole(name, role);
+ }
+
+ public boolean revokeRole(String name, String role)
+ {
+ return identityStore.revokeRole(name, role);
+ }
+
+ public List<String> listUsers()
+ {
+ return identityStore.listUsers();
+ }
+
+ public List<String> listUsers(String filter)
+ {
+ return identityStore.listUsers(filter);
+ }
+
+ public List<String> listRoles()
+ {
+ return identityStore.listRoles();
+ }
+
+ public List<String> getGrantedRoles(String name)
+ {
+ return identityStore.getGrantedRoles(name);
+ }
+
public IdentityStore getIdentityStore()
{
return identityStore;
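Review bot: grantRole and revokeRole are public entry points that change what a user is authorized to do, yet no authorization check is visible on them in this hunk; createAccount at the top of the hunk is cut off, so if it guards itself the new methods should apply the same guard, and if it does not, the class Javadoc should state that callers are responsible for restricting access to this component. The six new methods also lack Javadoc, and their contracts are not obvious from the delegation alone: JpaIdentityStore's implementation returns false from grantRole when the membership already exists and null from getGrantedRoles for an unknown account. At minimum document that, e.g. on grantRole `/** Grants the named role to the account; returns false if it was already granted. */` and on getGrantedRoles `/** Names of the roles granted to the account, or null if no such account exists. */`, and confirm other IdentityStore implementations follow the same contract.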
1.2 +13 -2 jboss-seam/src/main/org/jboss/seam/security/management/IdentityStore.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: IdentityStore.java
===================================================================
RCS file: /cvsroot/jboss/jboss-seam/src/main/org/jboss/seam/security/management/IdentityStore.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -b -r1.1 -r1.2
--- IdentityStore.java 5 Dec 2007 07:16:19 -0000 1.1
+++ IdentityStore.java 10 Dec 2007 01:58:47 -0000 1.2
@@ -1,6 +1,7 @@
package org.jboss.seam.security.management;
import java.security.MessageDigest;
+import java.util.List;
import org.jboss.seam.util.Hex;
@@ -17,14 +18,24 @@
protected abstract UserAccount createAccount(String username, String password);
- protected void hashAccountPassword(UserAccount account, String password)
+ protected abstract boolean grantRole(String name, String role);
+ protected abstract boolean revokeRole(String name, String role);
+
+ protected abstract List<String> listUsers();
+ protected abstract List<String> listUsers(String filter);
+ protected abstract List<String> listRoles();
+
+ protected abstract List<String> getGrantedRoles(String name);
+
+ protected String hashPassword(String password)
{
try {
MessageDigest md = MessageDigest.getInstance(hashFunction);
md.update(password.getBytes(hashCharset));
byte[] raw = md.digest();
+
// TODO - salt the hash, possibly using the user name?
- account.setPasswordHash(new String(Hex.encodeHex(raw)));
+ return new String(Hex.encodeHex(raw));
}
catch (Exception e) {
throw new RuntimeException(e);
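Review bot: hashPassword is now the single hashing primitive the stores use for stored credentials, and it still produces an unsalted single-pass digest; the TODO should become a concrete plan for a per-account random salt plus an iterated construction, and a salt derived from the username as the comment suggests is a poor substitute because it is not unique across deployments and changes when the user is renamed. The catch block wraps every failure (including NoSuchAlgorithmException for a misconfigured hashFunction) in a bare RuntimeException, while the rest of this commit introduces IdentityManagementException; `throw new IdentityManagementException("Could not hash password", e);` keeps the exception model consistent. password.getBytes(hashCharset) is also reached without a null check, so a null password surfaces as a wrapped NullPointerException rather than a clear message. The closing lines of hashPassword lie outside the hunk.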
1.2 +170 -6 jboss-seam/src/main/org/jboss/seam/security/management/JpaIdentityStore.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: JpaIdentityStore.java
===================================================================
RCS file: /cvsroot/jboss/jboss-seam/src/main/org/jboss/seam/security/management/JpaIdentityStore.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -b -r1.1 -r1.2
--- JpaIdentityStore.java 5 Dec 2007 07:16:19 -0000 1.1
+++ JpaIdentityStore.java 10 Dec 2007 01:58:47 -0000 1.2
@@ -2,9 +2,15 @@
import static org.jboss.seam.ScopeType.APPLICATION;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
import javax.persistence.EntityManager;
import org.jboss.seam.Component;
+import org.jboss.seam.annotations.Create;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.annotations.intercept.BypassInterceptors;
@@ -21,6 +27,25 @@
private String entityManagerName = "entityManager";
+ private Set<UserAccount> roleCache;
+
+ @Create
+ public void init()
+ {
+ loadRoles();
+ }
+
+ protected void loadRoles()
+ {
+ List<? extends UserAccount> roles = getEntityManager().createQuery(
+ "from " + accountClass.getName() + " where enabled = true and accountType = :accountType")
+ .setParameter("accountType", UserAccount.AccountType.role)
+ .getResultList();
+
+ roleCache = new HashSet<UserAccount>();
+ roleCache.addAll(roles);
+ }
+
@Override
protected UserAccount createAccount(String username, String password)
{
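Review bot: roleCache is filled once in init() and nothing in this commit calls loadRoles() again, so a role that is disabled or renamed after startup keeps matching in getRole through the cache even though the load query filtered on enabled = true, and a role created later is only found through the slower getAccount fallback. The cached entities were loaded through whatever EntityManager was current at creation time and, if the component is application scoped as the static APPLICATION import suggests, are presumably detached by the time grantRole adds one to a user's memberships — confirm the JPA mapping tolerates that. A comment on the field would make the lifetime explicit, e.g. `// loaded once at startup; call loadRoles() after roles are added, disabled or renamed`. createAccount begins at the end of this hunk and continues outside it.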
@@ -28,10 +53,11 @@
{
if (accountClass == null)
{
- throw new CreateAccountException("Could not create account, accountClass not set");
+ throw new IdentityManagementException("Could not create account, accountClass not set");
}
UserAccount account = accountClass.newInstance();
+ account.setAccountType(UserAccount.AccountType.user);
account.setUsername(username);
if (password == null)
@@ -40,7 +66,7 @@
}
else
{
- hashAccountPassword(account, password);
+ account.setPasswordHash(hashPassword(password));
account.setEnabled(true);
}
@@ -50,15 +76,153 @@
}
catch (Exception ex)
{
- if (ex instanceof CreateAccountException)
+ if (ex instanceof IdentityManagementException)
+ {
+ throw (IdentityManagementException) ex;
+ }
+ else
+ {
+ throw new IdentityManagementException("Could not create account", ex);
+ }
+ }
+ }
+
+ @Override
+ public boolean grantRole(String name, String role)
+ {
+ UserAccount account = getAccount(name);
+
+ if (account == null)
+ {
+ throw new IdentityManagementException("No such account: " + name);
+ }
+
+ UserAccount roleToGrant = getRole(role);
+
+ if (roleToGrant == null)
+ {
+ throw new IdentityManagementException("No such role: " + role);
+ }
+
+ if (account.getMemberships() == null)
+ {
+ account.setMemberships(new HashSet<UserAccount>());
+ }
+ else if (account.getMemberships().contains(roleToGrant))
+ {
+ return false;
+ }
+
+ account.getMemberships().add(roleToGrant);
+
+ return true;
+ }
+
+ @Override
+ public boolean revokeRole(String name, String role)
+ {
+ UserAccount account = getAccount(name);
+
+ if (account == null)
+ {
+ throw new IdentityManagementException("No such account: " + name);
+ }
+
+ UserAccount roleToRevoke = getRole(role);
+
+ if (roleToRevoke == null)
+ {
+ throw new IdentityManagementException("No such role: " + role);
+ }
+
+ return account.getMemberships().remove(roleToRevoke);
+ }
+
+ @Override
+ public List<String> getGrantedRoles(String name)
+ {
+ UserAccount account = getAccount(name);
+
+ if (account == null)
+ {
+ return null;
+ }
+ else
+ {
+ List<String> roles = new ArrayList<String>();
+
+ for (UserAccount membership : account.getMemberships())
+ {
+ if (membership.getAccountType().equals(UserAccount.AccountType.role))
+ {
+ roles.add(membership.getUsername());
+ }
+ }
+
+ return roles;
+ }
+ }
+
+ protected UserAccount getAccount(String name)
+ {
+ return (UserAccount) getEntityManager().createQuery(
+ "from " + accountClass.getName() + " where username = :username")
+ .setParameter("username", name)
+ .getSingleResult();
+ }
+
+ protected UserAccount getRole(String name)
+ {
+ for (UserAccount ua : roleCache)
+ {
+ if (ua.getUsername().equals(name))
{
- throw (CreateAccountException) ex;
+ return ua;
+ }
+ }
+
+ UserAccount ua = getAccount(name);
+
+ if (ua.getAccountType().equals(UserAccount.AccountType.role))
+ {
+ return ua;
}
else
{
- throw new CreateAccountException("Could not create account", ex);
+ throw new RuntimeException("No such role: " + name);
}
}
+
+ @Override
+ public List<String> listUsers()
+ {
+ return getEntityManager().createQuery(
+ "select username from " + accountClass.getName() +
+ " where accountType = :accountType")
+ .setParameter("accountType", UserAccount.AccountType.user)
+ .getResultList();
+ }
+
+ @Override
+ public List<String> listUsers(String filter)
+ {
+ return getEntityManager().createQuery(
+ "select username from " + accountClass.getName() +
+ " where accountType = :accountType and lower(username) like :username")
+ .setParameter("accountType", UserAccount.AccountType.user)
+ .setParameter("username", "%" + (filter != null ? filter.toLowerCase() : "") +
+ "%")
+ .getResultList();
+ }
+
+ @Override
+ public List<String> listRoles()
+ {
+ return getEntityManager().createQuery(
+ "select username from " + accountClass.getName() +
+ " where accountType = :accountType")
+ .setParameter("accountType", UserAccount.AccountType.role)
+ .getResultList();
}
protected void persistAccount(UserAccount account)
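Review bot: The `account == null` guards in grantRole, revokeRole and getGrantedRoles can never fire, because getAccount further down in the hunk uses getSingleResult(), which throws javax.persistence.NoResultException for an unknown username instead of returning null, so callers receive a raw persistence exception rather than the intended IdentityManagementException("No such account"); the same applies to getRole's fallback, which dereferences the result before checking it. The rewrite below makes getAccount return null on NoResultException and folds the null check into getRole, which also replaces the bare RuntimeException at the end of getRole with the IdentityManagementException used everywhere else in the hunk. revokeRole and getGrantedRoles additionally call account.getMemberships() without the null guard grantRole applies, so an account that has never been granted anything throws NullPointerException there. Membership changes made in grantRole are never written to roleCache or flushed explicitly, so persistence presumably relies on the entity staying managed until the transaction commits — worth a comment on grantRole. persistAccount's signature closes the hunk and its body lies outside it.
```java
   protected UserAccount getAccount(String name)
   {
      try
      {
         return (UserAccount) getEntityManager().createQuery(
               "from " + accountClass.getName() + " where username = :username")
               .setParameter("username", name)
               .getSingleResult();
      }
      catch (javax.persistence.NoResultException ex)
      {
         // unknown username: callers turn this into IdentityManagementException
         return null;
      }
   }

   protected UserAccount getRole(String name)
   {
      // … unchanged: roleCache scan …

      UserAccount ua = getAccount(name);

      if (ua == null || !UserAccount.AccountType.role.equals(ua.getAccountType()))
      {
         throw new IdentityManagementException("No such role: " + name);
      }

      return ua;
   }
```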
1.2 +42 -28 jboss-seam/src/main/org/jboss/seam/security/management/UserAccount.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: UserAccount.java
===================================================================
RCS file: /cvsroot/jboss/jboss-seam/src/main/org/jboss/seam/security/management/UserAccount.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -b -r1.1 -r1.2
--- UserAccount.java 5 Dec 2007 07:16:19 -0000 1.1
+++ UserAccount.java 10 Dec 2007 01:58:47 -0000 1.2
@@ -1,43 +1,57 @@
package org.jboss.seam.security.management;
import java.io.Serializable;
+import java.util.Set;
-import javax.persistence.MappedSuperclass;
-
- at MappedSuperclass
+/**
+ * Abstract base class for user/role accounts. This class should be extended
+ * to create a concrete JPA/Hibernate implementation. The user has no access to
+ * this class via the identity management API.
+ *
+ * @author Shane Bryzak
+ */
public abstract class UserAccount implements Serializable
{
- private String username;
- private String passwordHash;
- private boolean enabled;
+ public enum AccountType {user, role}
- public String getUsername()
- {
- return username;
- }
+ public abstract String getUsername();
+ public abstract void setUsername(String username);
- public void setUsername(String username)
- {
- this.username = username;
- }
+ public abstract String getPasswordHash();
+ public abstract void setPasswordHash(String passwordHash);
+
+ public abstract boolean isEnabled();
+ public abstract void setEnabled(boolean enabled);
- public String getPasswordHash()
+ public abstract AccountType getAccountType();
+ public abstract void setAccountType(AccountType accountType);
+
+ public abstract Set<UserAccount> getMemberships();
+ public abstract void setMemberships(Set<UserAccount> memberships);
+
+ @Override
+ public boolean equals(Object value)
+ {
+ if (!(value instanceof UserAccount))
{
- return passwordHash;
+ return false;
}
- public void setPasswordHash(String passwordHash)
+ UserAccount other = (UserAccount) value;
+
+ if (other.getUsername() == null && this.getUsername() == null)
{
- this.passwordHash = passwordHash;
+ return hashCode() == other.hashCode();
}
-
- public boolean isEnabled()
+ else
{
- return enabled;
+ return getUsername() == null ? false : getUsername().equals(other.getUsername());
+ }
}
- public void setEnabled(boolean enabled)
+ @Override
+ public int hashCode()
{
- this.enabled = enabled;
+ return getUsername() != null ? getUsername().hashCode() : super.hashCode();
}
}
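Review bot: equals and hashCode key solely on getUsername(), so a user account and a role with the same username compare equal and collide in the HashSets this commit introduces (roleCache and the memberships set in JpaIdentityStore); if usernames are meant to be unique across both AccountType values, state that in the class Javadoc, otherwise fold getAccountType() into both methods. Because hashCode derives from a mutable property, calling setUsername on an account already held in a Set silently breaks later lookups and removals — worth a comment on hashCode such as `// username is the identity key: do not rename an account while it sits in a Set`. The both-null branch `return hashCode() == other.hashCode();` reduces to comparing identity hashes, which can report two distinct instances equal on a collision; `return this == other;` states the intent directly and cannot.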
1.1 date: 2007/12/10 01:58:47; author: sbryzak2; state: Exp;jboss-seam/src/main/org/jboss/seam/security/management/IdentityManagementException.java
Index: IdentityManagementException.java
===================================================================
package org.jboss.seam.security.management;
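/**
 * Thrown when an identity management operation fails: an account cannot be
 * created, or a role is granted to or revoked from an account or role that does
 * not exist. Unchecked, so callers of the identity management API are not
 * forced to handle it.
 *
 * @author Shane Bryzak
 */
public class IdentityManagementException extends RuntimeException
{
   // RuntimeException is Serializable; pin the stream version so that
   // recompiling this class does not silently change its serialized form.
   private static final long serialVersionUID = 1L;

   /**
    * @param message description of the failure, suitable for logging
    */
   public IdentityManagementException(String message)
   {
      super(message);
   }

   /**
    * @param message description of the failure, suitable for logging
    * @param cause the underlying exception, retained for diagnostics
    */
   public IdentityManagementException(String message, Throwable cause)
   {
      super(message, cause);
   }
}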