[jboss-cvs] jboss-seam/examples/dvdstore/src/com/jboss/dvd/seam ...

Norman Richards norman.richards at jboss.com
Thu Mar 22 15:39:31 EDT 2007


  User: nrichards
  Date: 07/03/22 15:39:31

  Modified:    examples/dvdstore/src/com/jboss/dvd/seam     
                        AuthenticatorAction.java EditCustomerAction.java
                        Order.java Ship.java ShipAction.java
  Log:
  fix security issues, clean up navigation and security, introduce framework
  
  Revision  Changes    Path
  1.2       +12 -8     jboss-seam/examples/dvdstore/src/com/jboss/dvd/seam/AuthenticatorAction.java
  
  (In the diff below, changes in quantity of whitespace are not shown.)
  
  Index: AuthenticatorAction.java
  ===================================================================
  RCS file: /cvsroot/jboss/jboss-seam/examples/dvdstore/src/com/jboss/dvd/seam/AuthenticatorAction.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -b -r1.1 -r1.2
  --- AuthenticatorAction.java	15 Feb 2007 03:11:23 -0000	1.1
  +++ AuthenticatorAction.java	22 Mar 2007 19:39:31 -0000	1.2
  @@ -2,7 +2,7 @@
   
   import javax.ejb.Stateless;
   import javax.persistence.EntityManager;
  -import javax.persistence.PersistenceContext;
  +import javax.persistence.PersistenceException;
   
   import org.jboss.seam.annotations.In;
   import org.jboss.seam.annotations.Name;
  @@ -16,8 +16,8 @@
   {
      private static final String USER_VAR = "currentUser";
   
  -   @PersistenceContext
  -   private EntityManager em;
  +   @In
  +   private EntityManager entityManager;
   
      @In Context sessionContext;
   
  @@ -27,11 +27,15 @@
   
      public boolean authenticate()
      {
  -      User found = (User) em.createQuery(
  -                  "select u from User u where u.userName = :userName and u.password = :password")
  -            .setParameter("userName", identity.getUsername())
  -            .setParameter("password", identity.getPassword())
  +       
  +      User found;
  +      try {
  +          found = (User) 
  +              entityManager.createQuery("select u from User u where u.userName = #{identity.username} and u.password = #{identity.password}")       
               .getSingleResult();
  +      } catch (PersistenceException e) {
  +          return false;
  +      }
   
         sessionContext.set(USER_VAR, found);
   
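Review bot: The new `catch (PersistenceException e) { return false; }` in authenticate() reports every persistence failure as a failed login, so a database outage or a `NonUniqueResultException` looks like bad credentials and leaves no trace in the log. Catching only the expected miss, `} catch (NoResultException e) { return false; }` (with the matching `javax.persistence` import), and letting or logging anything else would keep the two cases apart. The query still matches `u.password` against the submitted password directly, which implies the stored value is not a salted hash; in a sample application a comment saying so would stop the pattern being copied. The `#{...}` expressions are presumably bound as parameters only because `entityManager` is now the Seam-managed context injected with `@In` in the previous hunk, and a one-line comment on the query stating that dependency would help. authenticate() continues past the end of the hunk.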
  
  
  
  1.19      +1 -0      jboss-seam/examples/dvdstore/src/com/jboss/dvd/seam/EditCustomerAction.java
  
  (In the diff below, changes in quantity of whitespace are not shown.)
  
  Index: EditCustomerAction.java
  ===================================================================
  RCS file: /cvsroot/jboss/jboss-seam/examples/dvdstore/src/com/jboss/dvd/seam/EditCustomerAction.java,v
  retrieving revision 1.18
  retrieving revision 1.19
  diff -u -b -r1.18 -r1.19
  --- EditCustomerAction.java	26 Feb 2007 21:09:21 -0000	1.18
  +++ EditCustomerAction.java	22 Mar 2007 19:39:31 -0000	1.19
  @@ -79,6 +79,7 @@
           return ok;
       }
   
  +    @SuppressWarnings("unchecked")
       private boolean isUniqueName() {
           String name = customer.getUserName();
           if (name == null) return true;
  
  
  
  1.17      +2 -0      jboss-seam/examples/dvdstore/src/com/jboss/dvd/seam/Order.java
  
  (In the diff below, changes in quantity of whitespace are not shown.)
  
  Index: Order.java
  ===================================================================
  RCS file: /cvsroot/jboss/jboss-seam/examples/dvdstore/src/com/jboss/dvd/seam/Order.java,v
  retrieving revision 1.16
  retrieving revision 1.17
  diff -u -b -r1.16 -r1.17
  --- Order.java	17 Dec 2006 07:20:05 -0000	1.16
  +++ Order.java	22 Mar 2007 19:39:31 -0000	1.17
  @@ -28,6 +28,8 @@
   public class Order
       implements Serializable
   {
  +    private static final long serialVersionUID = -5451107485769007079L;
  +
       public enum Status {OPEN,CANCELLED,PROCESSING,SHIPPED}
   
       public static BigDecimal TAX_RATE = new BigDecimal(".0825");
  
  
  
  1.4       +1 -1      jboss-seam/examples/dvdstore/src/com/jboss/dvd/seam/Ship.java
  
  (In the diff below, changes in quantity of whitespace are not shown.)
  
  Index: Ship.java
  ===================================================================
  RCS file: /cvsroot/jboss/jboss-seam/examples/dvdstore/src/com/jboss/dvd/seam/Ship.java,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -b -r1.3 -r1.4
  
  
  
  1.14      +10 -15    jboss-seam/examples/dvdstore/src/com/jboss/dvd/seam/ShipAction.java
  
  (In the diff below, changes in quantity of whitespace are not shown.)
  
  Index: ShipAction.java
  ===================================================================
  RCS file: /cvsroot/jboss/jboss-seam/examples/dvdstore/src/com/jboss/dvd/seam/ShipAction.java,v
  retrieving revision 1.13
  retrieving revision 1.14
  diff -u -b -r1.13 -r1.14
  --- ShipAction.java	21 Nov 2006 03:20:31 -0000	1.13
  +++ ShipAction.java	22 Mar 2007 19:39:31 -0000	1.14
  @@ -14,11 +14,13 @@
   import javax.persistence.PersistenceContext;
   import javax.persistence.PersistenceContextType;
   
  +import org.hibernate.validator.Length;
  +import org.hibernate.validator.NotNull;
  +import org.jboss.seam.Component;
   import org.jboss.seam.ScopeType;
   import org.jboss.seam.annotations.BeginTask;
   import org.jboss.seam.annotations.Destroy;
   import org.jboss.seam.annotations.EndTask;
  -import org.jboss.seam.annotations.In;
   import org.jboss.seam.annotations.Name;
   import org.jboss.seam.annotations.Out;
   
  @@ -28,8 +30,7 @@
       implements Ship,
                  Serializable
   {
  -    @In(value="currentUser", required=false)
  -    Admin admin;
  +    private static final long serialVersionUID = -5284603520443473953L;
   
       @PersistenceContext(type=PersistenceContextType.EXTENDED)
       EntityManager em;
  @@ -37,11 +38,10 @@
       @Out(required=false, scope=ScopeType.CONVERSATION)
       Order order;
   
  -    @In(required=false)
  -    Long orderId;
  -
       String track;
   
  +    @NotNull
  +    @Length(min=4,max=10)
       public String getTrack() {
           return track;
       }
  @@ -51,17 +51,12 @@
   
       @BeginTask
       public String viewTask() {
  -        order = em.find(Order.class, orderId);
  +        order = (Order) Component.getInstance("workingOrder");
           return "ship";
       }
       
       @EndTask
       public String ship() {
  -        if (track == null || track.length()==0) {
  -            // invalid message
  -            return null;
  -        }
  -        
           order.ship(track);
           
           return "admin";
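Review bot: ship() now calls `order.ship(track)` with no check of its own, so the tracking-number rule depends entirely on the `@NotNull` / `@Length(min=4,max=10)` annotations added to `getTrack()` in the previous hunk. Those constraints are enforced only if the page that invokes ship() triggers Hibernate Validator, which is not visible here; otherwise a null or empty `track` reaches the order. In viewTask(), the result of `Component.getInstance("workingOrder")` is cast and stored unchecked, and if that lookup can return null (not confirmable from this hunk) ship() fails later with a NullPointerException. A cheap guard in the action keeps it safe regardless of the view, for example `if (order == null || track == null || track.length() == 0) return null;` at the top of ship().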
  
  
  


