[jboss-cvs] jboss-seam/src/main/org/jboss/seam/security ...

Sun Feb 11 22:23:41 EST 2007

  User: sbryzak2
  Date: 07/02/11 22:23:41

  Added:       src/main/org/jboss/seam/security     EntitySecurity.java
                        HibernateSecurityInterceptor.java
                        JPASecurityListener.java
  Removed:     src/main/org/jboss/seam/security    
                        SecurityEntityListener.java
  Log:
  entity security
  
  Revision  Changes    Path
  1.1      date: 2007/02/12 03:23:41;  author: sbryzak2;  state: Exp;jboss-seam/src/main/org/jboss/seam/security/EntitySecurity.java
  
  Index: EntitySecurity.java
  ===================================================================
  package org.jboss.seam.security;
  
  import org.jboss.seam.Seam;
  import org.jboss.seam.annotations.security.Restrict;
  import org.jboss.seam.contexts.Contexts;
  
  public class EntitySecurity
  {
     public enum Action { read, insert, update, delete }
     
     public static void check(Object entity, Action action)
     {
        if (!entity.getClass().isAnnotationPresent(Restrict.class))
           return;
  
        String name = Seam.getComponentName(entity.getClass());
        if (name == null) name = entity.getClass().getName();
        
        Contexts.getMethodContext().set("entity", entity);
        String expr = String.format("#{s:hasPermission('%s', '%s', entity)}",
                 name, action);
        
        Identity.instance().checkRestriction(expr);
     }
  }
  
  
  
  1.1      date: 2007/02/12 03:23:41;  author: sbryzak2;  state: Exp;jboss-seam/src/main/org/jboss/seam/security/HibernateSecurityInterceptor.java
  
  Index: HibernateSecurityInterceptor.java
  ===================================================================
  package org.jboss.seam.security;
  
  import java.io.Serializable;
  
  import org.hibernate.EmptyInterceptor;
  import org.hibernate.type.Type;
  import org.jboss.seam.security.EntitySecurity.Action;
  
  public class HibernateSecurityInterceptor extends EmptyInterceptor
  {
     @Override
     public boolean onLoad(Object entity, Serializable id, Object[] state,
                        String[] propertyNames, Type[] types)
     {
        EntitySecurity.check(entity, Action.read);
        return true;
     }
     
     @Override
     public void onDelete(Object entity, Serializable id, Object[] state, 
                          String[] propertyNames, Type[] types)
     {
        EntitySecurity.check(entity, Action.delete);      
     }
     
     @Override
     public boolean onFlushDirty(Object entity, Serializable id, Object[] currentState,
                     Object[] previousState, String[] propertyNames, Type[] types)
     {
        EntitySecurity.check(entity, Action.update);
        return true;
     }
     
     @Override
     public boolean onSave(Object entity, Serializable id, Object[] state,
                        String[] propertyNames, Type[] types)
     {
        EntitySecurity.check(entity, Action.insert);      
        return true;
     }       
  }
  
  
  
  1.1      date: 2007/02/12 03:23:41;  author: sbryzak2;  state: Exp;jboss-seam/src/main/org/jboss/seam/security/JPASecurityListener.java
  
  Index: JPASecurityListener.java
  ===================================================================
  package org.jboss.seam.security;
  
  import javax.persistence.PostLoad;
  import javax.persistence.PrePersist;
  import javax.persistence.PreRemove;
  import javax.persistence.PreUpdate;
  
  import org.jboss.seam.security.EntitySecurity.Action;
  
  /**
   * Facilitates security checks for entity beans.
   * 
   * @author Shane Bryzak
   */
  public class JPASecurityListener
  {
     @PostLoad
     public void postLoad(Object entity)
     {
        EntitySecurity.check(entity, Action.read);
     }
     
     @PrePersist
     public void prePersist(Object entity)
     { 
        EntitySecurity.check(entity, Action.insert);
     }
     
     @PreUpdate
     public void preUpdate(Object entity)
     {
        EntitySecurity.check(entity, Action.update);
     }
     
     @PreRemove
     public void preRemove(Object entity)
     {
        EntitySecurity.check(entity, Action.delete);
     }
  }