[jboss-cvs] jboss-seam/src/main/org/jboss/seam/security ...
Shane Bryzak
Shane_Bryzak at symantec.com
Sun Feb 4 04:36:46 EST 2007
User: sbryzak2
Date: 07/02/04 04:36:45
Modified: src/main/org/jboss/seam/security Identity.java Role.java
Log:
Simplified authentication model
Revision Changes Path
1.50 +158 -56 jboss-seam/src/main/org/jboss/seam/security/Identity.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: Identity.java
===================================================================
RCS file: /cvsroot/jboss/jboss-seam/src/main/org/jboss/seam/security/Identity.java,v
retrieving revision 1.49
retrieving revision 1.50
diff -u -b -r1.49 -r1.50
--- Identity.java 4 Feb 2007 06:57:42 -0000 1.49
+++ Identity.java 4 Feb 2007 09:36:45 -0000 1.50
@@ -68,6 +68,8 @@
private String jaasConfigName = null;
+ private List<String> preAuthenticationRoles = new ArrayList<String>();
+
@Override
protected String getCookieName()
{
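Review bot: The new `preAuthenticationRoles` field holds role grants that are waiting for a successful login, but nothing at the declaration says so. A comment such as `// Roles requested through addRole() before login; granted in postAuthenticate(), discarded in preAuthenticate()` would make that explicit. The visible hunks only call `clear()`, `add()`, `isEmpty()` and iteration on the list, so it could also be declared `private final List<String> preAuthenticationRoles = new ArrayList<String>();`. The class body continues outside this hunk, so confirm that no other code reassigns the field.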
@@ -194,7 +196,8 @@
authenticate( getLoginContext() );
}
- public void authenticate(LoginContext loginContext) throws LoginException
+ public void authenticate(LoginContext loginContext)
+ throws LoginException
{
preAuthenticate();
loginContext.login();
@@ -203,9 +206,96 @@
protected void preAuthenticate()
{
+ preAuthenticationRoles.clear();
Events.instance().raiseEvent("org.jboss.seam.preAuthenticate");
}
+ /**
+ * Populates the specified subject's roles with any inherited roles
+ * according to the role memberships contained within the current
+ * SecurityConfiguration
+ */
+ protected void postAuthenticate()
+ {
+ populateSecurityContext();
+
+ if (!preAuthenticationRoles.isEmpty() && isLoggedIn())
+ {
+ for (String role : preAuthenticationRoles)
+ {
+ addRole(role);
+ }
+ preAuthenticationRoles.clear();
+ }
+
+ setCookieValue( getUsername() );
+
+ password = null;
+ setDirty();
+
+ Events.instance().raiseEvent("org.jboss.seam.postAuthenticate");
+ }
+
+ protected void populateSecurityContext()
+ {
+ WorkingMemory securityContext = getSecurityContext();
+ assertSecurityContextExists();
+
+ // Populate the working memory with the user's principals
+ for ( Principal p : getSubject().getPrincipals() )
+ {
+ if ( (p instanceof Group) && "roles".equals( ( (Group) p ).getName() ) )
+ {
+ Enumeration e = ( (Group) p ).members();
+ while ( e.hasMoreElements() )
+ {
+ Principal role = (Principal) e.nextElement();
+ securityContext.assertObject( new Role( role.getName() ) );
+ }
+ }
+ else
+ {
+ if (principal == null)
+ {
+ principal = p;
+ setDirty();
+ }
+ securityContext.assertObject(p);
+ }
+
+ }
+ }
+
+ private void assertSecurityContextExists()
+ {
+ if (securityContext==null)
+ {
+ throw new IllegalStateException("no security rule base available - please install a RuleBase with the name 'securityContext'");
+ }
+ }
+
+ /**
+ * Removes all Role objects from the security context, removes the "roles"
+ * group from the user's subject.
+ *
+ */
+ protected void unAuthenticate()
+ {
+ for (Role role : (List<Role>) getSecurityContext().getObjects(Role.class))
+ {
+ getSecurityContext().retractObject(getSecurityContext().getFactHandle(role));
+ }
+
+ for ( Group sg : subject.getPrincipals(Group.class) )
+ {
+ if ( "roles".equals( sg.getName() ) )
+ {
+ subject.getPrincipals().remove(sg);
+ break;
+ }
+ }
+ }
+
protected LoginContext getLoginContext() throws LoginException
{
if (getJaasConfigName() != null)
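Review bot: In `postAuthenticate()` the queued roles are discarded only inside the `if (!preAuthenticationRoles.isEmpty() && isLoggedIn())` branch, so when `isLoggedIn()` is false the role names stay queued on the Identity. Nothing visible clears them when `loginContext.login()` throws in `authenticate()` either; the only other cleanup is the `clear()` in `preAuthenticate()` on the next attempt. Because these entries become granted roles, `preAuthenticationRoles.clear();` should move out of the `if` so that it always runs, and the new `unAuthenticate()` should clear the list as well. That keeps a stale grant from outliving the attempt that requested it. `authenticate()` and `getLoginContext()` are only partly visible in this diff, so check for any failed-login handling elsewhere.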
@@ -242,6 +332,73 @@
}
/**
+ * Adds a role to the user's subject, and their security context
+ *
+ * @param role The name of the role to add
+ */
+ public void addRole(String role)
+ {
+ if (!isLoggedIn())
+ {
+ preAuthenticationRoles.add(role);
+ }
+ else
+ {
+ for ( Group sg : subject.getPrincipals(Group.class) )
+ {
+ if ( "roles".equals( sg.getName() ) )
+ {
+ getSecurityContext().assertObject(new Role(role));
+ sg.addMember(new SimplePrincipal(role));
+ return;
+ }
+ }
+
+ getSecurityContext().assertObject(new Role(role));
+
+ SimpleGroup roleGroup = new SimpleGroup("roles");
+ roleGroup.addMember(new SimplePrincipal(role));
+ subject.getPrincipals().add(roleGroup);
+ }
+ }
+
+ /**
+ * Removes a role from the user's subject and their security context
+ *
+ * @param role The name of the role to remove
+ */
+ public void removeRole(String role)
+ {
+ for (Role r : (List<Role>) getSecurityContext().getObjects(Role.class))
+ {
+ if (r.getName().equals(role))
+ {
+ FactHandle fh = getSecurityContext().getFactHandle(r);
+ getSecurityContext().retractObject(fh);
+ break;
+ }
+ }
+
+ for ( Group sg : subject.getPrincipals(Group.class) )
+ {
+ if ( "roles".equals( sg.getName() ) )
+ {
+ Enumeration e = sg.members();
+ while (e.hasMoreElements())
+ {
+ Principal member = (Principal) e.nextElement();
+ if (member.getName().equals(role))
+ {
+ sg.removeMember(member);
+ break;
+ }
+ }
+
+ }
+ }
+ }
+
+ /**
* Assert that the current authenticated Identity is a member of
* the specified role.
*
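Review bot: `removeRole()` never touches `preAuthenticationRoles`, so a role queued by `addRole()` before login cannot be withdrawn and is still granted in `postAuthenticate()`. Adding `preAuthenticationRoles.removeAll(Collections.singleton(role));` at the top of `removeRole()` would close that gap. The first loop in `removeRole()` also stops at the first matching `Role` fact (`break`), while `addRole()` asserts a new `Role` on every call without checking for an existing one. If the working memory keeps both facts, one `removeRole()` call would leave the role visible to the security rules; that depends on `Role` equality and the rule engine's configuration, neither visible here. The Javadoc of both methods should state that changes made before login are deferred until `postAuthenticate()`.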
@@ -356,61 +513,6 @@
}
/**
- * Populates the specified subject's roles with any inherited roles
- * according to the role memberships contained within the current
- * SecurityConfiguration
- */
- protected void postAuthenticate()
- {
- populateSecurityContext();
-
- setCookieValue( getUsername() );
-
- password = null;
- setDirty();
-
- Events.instance().raiseEvent("org.jboss.seam.postAuthenticate");
- }
-
- protected void populateSecurityContext()
- {
- WorkingMemory securityContext = getSecurityContext();
- assertSecurityContextExists();
-
- // Populate the working memory with the user's principals
- for ( Principal p : getSubject().getPrincipals() )
- {
- if ( (p instanceof Group) && "roles".equals( ( (Group) p ).getName() ) )
- {
- Enumeration e = ( (Group) p ).members();
- while ( e.hasMoreElements() )
- {
- Principal role = (Principal) e.nextElement();
- securityContext.assertObject( new Role( role.getName() ) );
- }
- }
- else
- {
- if (principal == null)
- {
- principal = p;
- setDirty();
- }
- securityContext.assertObject(p);
- }
-
- }
- }
-
- private void assertSecurityContextExists()
- {
- if (securityContext==null)
- {
- throw new IllegalStateException("no security rule base available - please install a RuleBase with the name 'securityContext'");
- }
- }
-
- /**
* Evaluates the specified security expression, which must return a boolean
* value.
*
1.5 +1 -1 jboss-seam/src/main/org/jboss/seam/security/Role.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: Role.java
===================================================================
RCS file: /cvsroot/jboss/jboss-seam/src/main/org/jboss/seam/security/Role.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -b -r1.4 -r1.5
--- Role.java 30 Jan 2007 10:47:23 -0000 1.4
+++ Role.java 4 Feb 2007 09:36:45 -0000 1.5
@@ -3,7 +3,7 @@
import java.io.Serializable;
/**
- * A user role
+ * Represents a user role exclusively within the scope of security rules.
*
* @author Shane Bryzak
*/