[jboss-cvs] jboss-seam/src/main/org/jboss/seam/security ...
Shane Bryzak
Shane_Bryzak at symantec.com
Mon Jan 15 05:06:56 EST 2007
User: sbryzak2
Date: 07/01/15 05:06:56
Modified: src/main/org/jboss/seam/security SeamSecurityManager.java
Log:
fixed NPE, minor changes
Revision Changes Path
1.40 +16 -4 jboss-seam/src/main/org/jboss/seam/security/SeamSecurityManager.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: SeamSecurityManager.java
===================================================================
RCS file: /cvsroot/jboss/jboss-seam/src/main/org/jboss/seam/security/SeamSecurityManager.java,v
retrieving revision 1.39
retrieving revision 1.40
diff -u -b -r1.39 -r1.40
--- SeamSecurityManager.java 13 Jan 2007 05:36:06 -0000 1.39
+++ SeamSecurityManager.java 15 Jan 2007 10:06:55 -0000 1.40
@@ -14,6 +14,8 @@
import java.util.HashSet;
import java.util.List;
import java.util.Set;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
import javax.faces.context.FacesContext;
import javax.security.auth.Subject;
@@ -118,6 +120,8 @@
return instance;
}
+ private static Pattern EXPR_PATTERN = Pattern.compile("(hasPermission\\s*\\(\\s*'[^']*'\\s*,\\s*'[^']*')(\\s*\\))");
+
/**
* Evaluates the specified security expression, which must return a boolean
* value.
@@ -125,9 +129,14 @@
* @param expr String The expression to evaluate
* @return boolean The result of the expression evaluation
*/
- public boolean evaluateExpression(String expr) throws AuthorizationException
+ public boolean evaluateExpression(String expr)
+ throws AuthorizationException
{
- return (Boolean) new UnifiedELValueBinding(expr).getValue(FacesContext.getCurrentInstance());
+ // TODO Ugly hack! Fix this once varargs work with EL
+ Matcher m = EXPR_PATTERN.matcher(expr);
+ String replaced = m.replaceAll("$1, null$2");
+
+ return (Boolean) new UnifiedELValueBinding(replaced).getValue(FacesContext.getCurrentInstance());
}
/**
@@ -216,6 +225,8 @@
Principal role = (Principal) e.nextElement();
Role r = config.getSecurityRole(role.getName());
+ if (r.getPermissions() != null)
+ {
for (Permission perm : r.getPermissions())
{
wm.assertObject(perm);
@@ -223,6 +234,7 @@
}
}
}
+ }
// Only set the security context if the user is already logged in
Contexts.getSessionContext().set(SECURITY_CONTEXT_NAME, wm);
More information about the jboss-cvs-commits
mailing list