[jboss-cvs] jboss-seam/src/main/org/jboss/seam/security ...
Shane Bryzak
Shane_Bryzak at symantec.com
Wed Feb 14 07:39:58 EST 2007
User: sbryzak2
Date: 07/02/14 07:39:58
Modified: src/main/org/jboss/seam/security Identity.java
Added: src/main/org/jboss/seam/security DroolsIdentity.java
Log:
JBSEAM-764
Revision Changes Path
1.64 +23 -170 jboss-seam/src/main/org/jboss/seam/security/Identity.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: Identity.java
===================================================================
RCS file: /cvsroot/jboss/jboss-seam/src/main/org/jboss/seam/security/Identity.java,v
retrieving revision 1.63
retrieving revision 1.64
diff -u -b -r1.63 -r1.64
--- Identity.java 14 Feb 2007 07:17:27 -0000 1.63
+++ Identity.java 14 Feb 2007 12:39:58 -0000 1.64
@@ -9,7 +9,6 @@
import java.security.Principal;
import java.security.acl.Group;
import java.util.ArrayList;
-import java.util.Collection;
import java.util.Enumeration;
import java.util.List;
@@ -24,10 +23,6 @@
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
-import org.drools.FactHandle;
-import org.drools.RuleBase;
-import org.drools.RuleBaseFactory;
-import org.drools.WorkingMemory;
import org.jboss.seam.Component;
import org.jboss.seam.Entity;
import org.jboss.seam.Model;
@@ -52,7 +47,7 @@
@Name("org.jboss.seam.security.identity")
@Scope(SESSION)
- at Install(precedence = BUILT_IN, classDependencies="org.drools.WorkingMemory")
+ at Install(precedence = BUILT_IN)
@Intercept(NEVER)
@Startup
public class Identity extends Selector
@@ -60,7 +55,6 @@
private static final long serialVersionUID = 3751659008033189259L;
private static final LogProvider log = Logging.getLogProvider(Identity.class);
- public static final String RULES_COMPONENT_NAME = "securityRules";
private String username;
private String password;
@@ -70,9 +64,6 @@
private Principal principal;
private Subject subject;
- private WorkingMemory securityContext;
- private RuleBase securityRules;
-
private String jaasConfigName = null;
private List<String> preAuthenticationRoles = new ArrayList<String>();
@@ -87,7 +78,6 @@
public void create()
{
subject = new Subject();
- initSecurityContext();
initCredentialsFromCookie();
}
@@ -108,38 +98,6 @@
Events.instance().raiseEvent("org.jboss.seam.rememberMe");
}
- protected void initSecurityContext()
- {
- if (securityRules==null) //it might have been configured via components.xml
- {
- securityRules = (RuleBase) Component.getInstance(RULES_COMPONENT_NAME, true);
- }
-
- if (securityRules == null)
- {
- log.warn("No securityRules component found, creating empty rule base.");
- createDefaultSecurityRules();
- }
-
- if (securityRules != null)
- {
- securityContext = securityRules.newWorkingMemory(false);
- }
- }
-
- private synchronized void createDefaultSecurityRules()
- {
- if (Contexts.getApplicationContext().get(RULES_COMPONENT_NAME) == null)
- {
- securityRules = RuleBaseFactory.newRuleBase();
- Contexts.getApplicationContext().set(RULES_COMPONENT_NAME, securityRules);
- }
- else
- {
- securityRules = (RuleBase) Contexts.getApplicationContext().get(RULES_COMPONENT_NAME);
- }
- }
-
public static Identity instance()
{
if ( !Contexts.isSessionContextActive() )
@@ -260,14 +218,21 @@
Events.instance().raiseEvent("org.jboss.seam.preAuthenticate");
}
- /**
- * Populates the specified subject's roles with any inherited roles
- * according to the role memberships contained within the current
- * SecurityConfiguration
- */
protected void postAuthenticate()
{
- populateSecurityContext();
+ // Populate the working memory with the user's principals
+ for ( Principal p : getSubject().getPrincipals() )
+ {
+ if ( !(p instanceof Group))
+ {
+ if (principal == null)
+ {
+ principal = p;
+ setDirty();
+ break;
+ }
+ }
+ }
if (!preAuthenticationRoles.isEmpty() && isLoggedIn())
{
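Review bot: The comment `// Populate the working memory with the user's principals` at the top of the new loop is stale, because Identity no longer owns a working memory after this change; `// Remember the first non-Group principal as the user's principal` would match what the loop does. The `principal == null` test is loop-invariant, so it could guard the whole loop instead of sitting inside it. Because the loop only assigns when `principal` is null, a second authentication in the same session keeps the earlier principal unless `unAuthenticate()` clears it, which is not visible here and is worth confirming. postAuthenticate's body continues outside the hunk.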
@@ -286,46 +251,6 @@
Events.instance().raiseEvent("org.jboss.seam.postAuthenticate");
}
- protected void populateSecurityContext()
- {
- WorkingMemory securityContext = getSecurityContext();
- assertSecurityContextExists();
-
- // Populate the working memory with the user's principals
- for ( Principal p : getSubject().getPrincipals() )
- {
- if ( (p instanceof Group) && "roles".equals( ( (Group) p ).getName() ) )
- {
- Enumeration e = ( (Group) p ).members();
- while ( e.hasMoreElements() )
- {
- Principal role = (Principal) e.nextElement();
- securityContext.assertObject( new Role( role.getName() ) );
- }
- }
- else
- {
- if (principal == null)
- {
- principal = p;
- setDirty();
- }
- securityContext.assertObject(p);
- }
-
- }
- }
-
- private void assertSecurityContextExists()
- {
- if (securityContext==null)
- {
- throw new IllegalStateException(
- "no security rule base available - please install a RuleBase with the name '" +
- RULES_COMPONENT_NAME + "'");
- }
- }
-
/**
* Removes all Role objects from the security context, removes the "roles"
* group from the user's subject.
@@ -333,11 +258,6 @@
*/
protected void unAuthenticate()
{
- for (Role role : (List<Role>) getSecurityContext().getObjects(Role.class))
- {
- getSecurityContext().retractObject(getSecurityContext().getFactHandle(role));
- }
-
for ( Group sg : subject.getPrincipals(Group.class) )
{
if ( "roles".equals( sg.getName() ) )
@@ -389,11 +309,12 @@
*
* @param role The name of the role to add
*/
- public void addRole(String role)
+ public boolean addRole(String role)
{
if (!isLoggedIn())
{
preAuthenticationRoles.add(role);
+ return false;
}
else
{
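Review bot: `addRole` now returns `boolean`, but the Javadoc above it still has only `@param role`, and the meaning of the result is not obvious. `false` is returned both when the role is merely queued in `preAuthenticationRoles` and, in the following hunk, when `sg.addMember` reports that the role was already present. DroolsIdentity.addRole asserts a `Role` fact only on `true`, so subclasses depend on this contract. I would add `@return true if the role was newly added to the authenticated subject's "roles" group; false if it was queued until login or was already a member`. The method body continues into the next hunk.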
@@ -401,17 +322,14 @@
{
if ( "roles".equals( sg.getName() ) )
{
- getSecurityContext().assertObject(new Role(role));
- sg.addMember(new SimplePrincipal(role));
- return;
+ return sg.addMember(new SimplePrincipal(role));
}
}
- getSecurityContext().assertObject(new Role(role));
-
SimpleGroup roleGroup = new SimpleGroup("roles");
roleGroup.addMember(new SimplePrincipal(role));
subject.getPrincipals().add(roleGroup);
+ return true;
}
}
@@ -422,16 +340,6 @@
*/
public void removeRole(String role)
{
- for (Role r : (List<Role>) getSecurityContext().getObjects(Role.class))
- {
- if (r.getName().equals(role))
- {
- FactHandle fh = getSecurityContext().getFactHandle(r);
- getSecurityContext().retractObject(fh);
- break;
- }
- }
-
for ( Group sg : subject.getPrincipals(Group.class) )
{
if ( "roles".equals( sg.getName() ) )
@@ -511,44 +419,9 @@
*/
public boolean hasPermission(String name, String action, Object...arg)
{
- List<FactHandle> handles = new ArrayList<FactHandle>();
-
- PermissionCheck check = new PermissionCheck(name, action);
-
- WorkingMemory securityContext = getSecurityContext();
- assertSecurityContextExists();
- synchronized( securityContext )
- {
- handles.add( securityContext.assertObject(check) );
-
- for (int i = 0; i < arg.length; i++)
- {
- if (i == 0 && arg[0] instanceof Collection)
- {
- for (Object value : (Collection) arg[i])
- {
- if ( securityContext.getFactHandle(value) == null )
- {
- handles.add( securityContext.assertObject(value) );
- }
- }
- }
- else
- {
- handles.add( securityContext.assertObject(arg[i]) );
- }
- }
-
- securityContext.fireAllRules();
-
- for (FactHandle handle : handles)
- securityContext.retractObject(handle);
- }
-
- return check.isGranted();
+ return false;
}
-
/**
* Creates a callback handler that can handle a standard username/password
* callback, using the username and password properties.
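Review bot: With the body reduced to `return false;`, the base Identity denies every permission check, and the Javadoc above it (outside this hunk) does not say so. Denying by default is the safe direction, but when the Drools-backed component is not installed, every `hasPermission` check will fail with nothing in the log to explain why. I would state this in the Javadoc, e.g. `This base implementation has no rule engine and always returns false; DroolsIdentity overrides it`, and consider a `log.debug` on this path.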
@@ -618,16 +491,6 @@
this.password = password;
}
- public WorkingMemory getSecurityContext()
- {
- return securityContext;
- }
-
- public void setSecurityContext(WorkingMemory securityContext)
- {
- this.securityContext = securityContext;
- }
-
public MethodBinding getAuthenticateMethod()
{
return authenticateMethod;
@@ -658,16 +521,6 @@
this.jaasConfigName = jaasConfigName;
}
- public RuleBase getSecurityRules()
- {
- return securityRules;
- }
-
- public void setSecurityRules(RuleBase securityRules)
- {
- this.securityRules = securityRules;
- }
-
public void checkEntityPermission(Object entity, EntityAction action)
{
Entity e = (Entity) Model.forClass(entity.getClass());
1.1 date: 2007/02/14 12:39:58; author: sbryzak2; state: Exp;jboss-seam/src/main/org/jboss/seam/security/DroolsIdentity.java
Index: DroolsIdentity.java
===================================================================
package org.jboss.seam.security;
import static org.jboss.seam.InterceptionType.NEVER;
import static org.jboss.seam.ScopeType.SESSION;
import static org.jboss.seam.annotations.Install.FRAMEWORK;
import java.security.Principal;
import java.security.acl.Group;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Enumeration;
import java.util.List;
import org.drools.FactHandle;
import org.drools.RuleBase;
import org.drools.WorkingMemory;
import org.jboss.seam.Component;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Install;
import org.jboss.seam.annotations.Intercept;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.annotations.Startup;
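/**
 * Identity implementation that backs permission checks with a Drools rule base.
 * <p>
 * The user's principal and roles are mirrored as facts in a per-instance
 * {@link WorkingMemory}; {@link #hasPermission(String, String, Object...)} asserts a
 * {@link PermissionCheck} into that memory, fires the rules and reports whether a rule
 * granted the check.
 * <p>
 * Registered under the same component name as {@link Identity}, at FRAMEWORK precedence,
 * with a class dependency on {@code org.drools.WorkingMemory}.
 */
@Name("org.jboss.seam.security.identity")
@Scope(SESSION)
@Intercept(NEVER)
@Install(precedence=FRAMEWORK, classDependencies="org.drools.WorkingMemory")
@Startup
public class DroolsIdentity extends Identity
{
   /** Name of the component that supplies the security {@link RuleBase}. */
   public static final String RULES_COMPONENT_NAME = "securityRules";

   // Working memory holding the principal/role facts for this identity.
   private WorkingMemory securityContext;

   @In
   private RuleBase securityRules;

   /**
    * Runs the base-class initialisation, then creates the working memory.
    */
   @Override
   public void create()
   {
      super.create();
      initSecurityContext();
   }

   /**
    * Resolves the security rule base and creates a fresh working memory from it.
    *
    * @throws IllegalStateException if no rule base is configured or can be looked up
    */
   protected void initSecurityContext()
   {
      if (securityRules == null) // it might have been configured via components.xml
      {
         securityRules = (RuleBase) Component.getInstance(RULES_COMPONENT_NAME, true);
      }

      // Check the rule base here, not the working memory: the working memory is only
      // created on the next statement and is normally still null at this point, so
      // testing it would make create() fail even when a rule base is installed.
      if (securityRules == null)
      {
         throw new IllegalStateException(
            "no security rule base available - please install a RuleBase with the name '" +
            RULES_COMPONENT_NAME + "'");
      }

      securityContext = securityRules.newWorkingMemory(false);
   }

   /**
    * After the base class has processed the login, asserts one {@link Role} fact per
    * member of the subject's "roles" group, and then the user's principal, into the
    * working memory.
    *
    * @throws IllegalStateException if the working memory has not been created
    */
   @Override
   protected void postAuthenticate()
   {
      super.postAuthenticate();

      WorkingMemory workingMemory = getSecurityContext();
      assertSecurityContextExists();

      // NOTE(review): if super.postAuthenticate() applies pre-authentication roles through
      // addRole(), those roles already have a Role fact and are asserted again here -
      // confirm whether the working memory de-duplicates equal facts, because
      // removeRole() retracts only the first match.
      for ( Principal p : getSubject().getPrincipals() )
      {
         if ( (p instanceof Group) && "roles".equals( ( (Group) p ).getName() ) )
         {
            Enumeration<? extends Principal> members = ( (Group) p ).members();
            while ( members.hasMoreElements() )
            {
               Principal role = members.nextElement();
               workingMemory.assertObject( new Role( role.getName() ) );
            }
         }
      }

      // NOTE(review): getPrincipal() may be null when the subject carries no non-Group
      // principal - confirm how assertObject() treats a null fact.
      workingMemory.assertObject(getPrincipal());
   }

   /**
    * Fails fast when the working memory is missing.
    *
    * @throws IllegalStateException if the working memory has not been created
    */
   private void assertSecurityContextExists()
   {
      if (securityContext == null)
      {
         throw new IllegalStateException(
            "no security rule base available - please install a RuleBase with the name '" +
            RULES_COMPONENT_NAME + "'");
      }
   }

   /**
    * Performs a permission check for the specified name and action
    *
    * @param name String The permission name
    * @param action String The permission action
    * @param arg Object Optional object parameter used to make a permission decision
    * @return boolean True if the user has the specified permission
    * @throws IllegalStateException if the working memory has not been created
    */
   @Override
   public boolean hasPermission(String name, String action, Object...arg)
   {
      List<FactHandle> handles = new ArrayList<FactHandle>();
      PermissionCheck check = new PermissionCheck(name, action);

      WorkingMemory workingMemory = getSecurityContext();
      assertSecurityContextExists();

      synchronized ( workingMemory )
      {
         try
         {
            handles.add( workingMemory.assertObject(check) );

            if (arg != null)
            {
               for (int i = 0; i < arg.length; i++)
               {
                  // A Collection passed as the first argument is unpacked; elements that
                  // already have a fact handle are left alone and not retracted below.
                  if (i == 0 && arg[0] instanceof Collection)
                  {
                     for (Object value : (Collection<?>) arg[i])
                     {
                        if ( workingMemory.getFactHandle(value) == null )
                        {
                           handles.add( workingMemory.assertObject(value) );
                        }
                     }
                  }
                  else
                  {
                     handles.add( workingMemory.assertObject(arg[i]) );
                  }
               }
            }

            workingMemory.fireAllRules();
         }
         finally
         {
            // Retract the per-check facts even when asserting or firing throws; facts
            // left behind would remain in this identity's working memory and could
            // affect later permission decisions.
            for (FactHandle handle : handles)
            {
               workingMemory.retractObject(handle);
            }
         }
      }

      return check.isGranted();
   }

   /**
    * Retracts every {@link Role} fact from the working memory, then lets the base class
    * clear the subject.
    */
   @Override
   protected void unAuthenticate()
   {
      @SuppressWarnings("unchecked") // getObjects(Role.class) is cast exactly as before
      List<Role> roles = (List<Role>) getSecurityContext().getObjects(Role.class);
      for (Role role : roles)
      {
         getSecurityContext().retractObject(getSecurityContext().getFactHandle(role));
      }

      super.unAuthenticate();
   }

   /**
    * Adds a role through the base class and, when the base class reports that it was
    * added, asserts a matching {@link Role} fact.
    *
    * @param role The name of the role to add
    * @return the result of {@code super.addRole(role)}
    */
   @Override
   public boolean addRole(String role)
   {
      boolean added = super.addRole(role);
      if (added)
      {
         getSecurityContext().assertObject(new Role(role));
      }
      return added;
   }

   /**
    * Retracts the first {@link Role} fact with the given name, then removes the role
    * through the base class.
    *
    * @param role The name of the role to remove
    */
   @Override
   public void removeRole(String role)
   {
      @SuppressWarnings("unchecked") // getObjects(Role.class) is cast exactly as before
      List<Role> roles = (List<Role>) getSecurityContext().getObjects(Role.class);
      for (Role r : roles)
      {
         if (r.getName().equals(role))
         {
            FactHandle fh = getSecurityContext().getFactHandle(r);
            getSecurityContext().retractObject(fh);
            // Only the first matching fact is retracted.
            // NOTE(review): if the same role can be asserted twice, a second fact would
            // remain and keep matching rules - verify.
            break;
         }
      }

      super.removeRole(role);
   }

   /** @return the working memory used for permission checks; null until it is created or set */
   public WorkingMemory getSecurityContext()
   {
      return securityContext;
   }

   /** @param securityContext the working memory to use for permission checks */
   public void setSecurityContext(WorkingMemory securityContext)
   {
      this.securityContext = securityContext;
   }

   /** @return the rule base the working memory is created from; may be null */
   public RuleBase getSecurityRules()
   {
      return securityRules;
   }

   /** @param securityRules the rule base to create the working memory from */
   public void setSecurityRules(RuleBase securityRules)
   {
      this.securityRules = securityRules;
   }
}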