[jboss-cvs] jboss-seam/examples/dvdstore/src/com/jboss/dvd/seam ...
Norman Richards
norman.richards at jboss.com
Thu Mar 22 15:39:31 EDT 2007
User: nrichards
Date: 07/03/22 15:39:31
Modified: examples/dvdstore/src/com/jboss/dvd/seam
AuthenticatorAction.java EditCustomerAction.java
Order.java Ship.java ShipAction.java
Log:
fix security issues, clean up navigation and security, introduce framework
Revision Changes Path
1.2 +12 -8 jboss-seam/examples/dvdstore/src/com/jboss/dvd/seam/AuthenticatorAction.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: AuthenticatorAction.java
===================================================================
RCS file: /cvsroot/jboss/jboss-seam/examples/dvdstore/src/com/jboss/dvd/seam/AuthenticatorAction.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -b -r1.1 -r1.2
--- AuthenticatorAction.java 15 Feb 2007 03:11:23 -0000 1.1
+++ AuthenticatorAction.java 22 Mar 2007 19:39:31 -0000 1.2
@@ -2,7 +2,7 @@
import javax.ejb.Stateless;
import javax.persistence.EntityManager;
-import javax.persistence.PersistenceContext;
+import javax.persistence.PersistenceException;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Name;
@@ -16,8 +16,8 @@
{
private static final String USER_VAR = "currentUser";
- @PersistenceContext
- private EntityManager em;
+ @In
+ private EntityManager entityManager;
@In Context sessionContext;
@@ -27,11 +27,15 @@
public boolean authenticate()
{
- User found = (User) em.createQuery(
- "select u from User u where u.userName = :userName and u.password = :password")
- .setParameter("userName", identity.getUsername())
- .setParameter("password", identity.getPassword())
+
+ User found;
+ try {
+ found = (User)
+ entityManager.createQuery("select u from User u where u.userName = #{identity.username} and u.password = #{identity.password}")
.getSingleResult();
+ } catch (PersistenceException e) {
+ return false;
+ }
sessionContext.set(USER_VAR, found);
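Review bot: The new `catch (PersistenceException e) { return false; }` around `getSingleResult()` reports every persistence failure, including a database outage or a non-unique match, as a plain failed login with nothing logged. Catching only the no-match case keeps real errors visible: `} catch (NoResultException e) {`, with `import javax.persistence.NoResultException;` in place of the broader import. The query also still compares `u.password` directly with the submitted value, which suggests passwords are stored unhashed; comparing a salted hash would be safer even in an example. The inline `#{identity.username}` form is only safe if `entityManager` is a Seam-managed persistence context that binds the EL values as query parameters. That is presumably the reason for the switch to `@In`, but it deserves a comment above the query, and note that authenticate() continues outside the hunk.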
1.19 +1 -0 jboss-seam/examples/dvdstore/src/com/jboss/dvd/seam/EditCustomerAction.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: EditCustomerAction.java
===================================================================
RCS file: /cvsroot/jboss/jboss-seam/examples/dvdstore/src/com/jboss/dvd/seam/EditCustomerAction.java,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -b -r1.18 -r1.19
--- EditCustomerAction.java 26 Feb 2007 21:09:21 -0000 1.18
+++ EditCustomerAction.java 22 Mar 2007 19:39:31 -0000 1.19
@@ -79,6 +79,7 @@
return ok;
}
+ @SuppressWarnings("unchecked")
private boolean isUniqueName() {
String name = customer.getUserName();
if (name == null) return true;
1.17 +2 -0 jboss-seam/examples/dvdstore/src/com/jboss/dvd/seam/Order.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: Order.java
===================================================================
RCS file: /cvsroot/jboss/jboss-seam/examples/dvdstore/src/com/jboss/dvd/seam/Order.java,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -b -r1.16 -r1.17
--- Order.java 17 Dec 2006 07:20:05 -0000 1.16
+++ Order.java 22 Mar 2007 19:39:31 -0000 1.17
@@ -28,6 +28,8 @@
public class Order
implements Serializable
{
+ private static final long serialVersionUID = -5451107485769007079L;
+
public enum Status {OPEN,CANCELLED,PROCESSING,SHIPPED}
public static BigDecimal TAX_RATE = new BigDecimal(".0825");
1.4 +1 -1 jboss-seam/examples/dvdstore/src/com/jboss/dvd/seam/Ship.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: Ship.java
===================================================================
RCS file: /cvsroot/jboss/jboss-seam/examples/dvdstore/src/com/jboss/dvd/seam/Ship.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -b -r1.3 -r1.4
1.14 +10 -15 jboss-seam/examples/dvdstore/src/com/jboss/dvd/seam/ShipAction.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: ShipAction.java
===================================================================
RCS file: /cvsroot/jboss/jboss-seam/examples/dvdstore/src/com/jboss/dvd/seam/ShipAction.java,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -b -r1.13 -r1.14
--- ShipAction.java 21 Nov 2006 03:20:31 -0000 1.13
+++ ShipAction.java 22 Mar 2007 19:39:31 -0000 1.14
@@ -14,11 +14,13 @@
import javax.persistence.PersistenceContext;
import javax.persistence.PersistenceContextType;
+import org.hibernate.validator.Length;
+import org.hibernate.validator.NotNull;
+import org.jboss.seam.Component;
import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.BeginTask;
import org.jboss.seam.annotations.Destroy;
import org.jboss.seam.annotations.EndTask;
-import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Out;
@@ -28,8 +30,7 @@
implements Ship,
Serializable
{
- @In(value="currentUser", required=false)
- Admin admin;
+ private static final long serialVersionUID = -5284603520443473953L;
@PersistenceContext(type=PersistenceContextType.EXTENDED)
EntityManager em;
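Review bot: Removing the injected `currentUser` `Admin` field leaves nothing visible in this class that ties the shipping task to an administrator, so access control has to be enforced somewhere outside this hunk. The commit log mentions introducing a framework, so presumably a page-level or component-level restriction now covers `viewTask()` and `ship()`, but that cannot be confirmed from the lines shown. A class comment recording where the restriction lives, for example `// admin-only: enforced by <restriction location>`, would stop a later edit from exposing these methods unnoticed.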
@@ -37,11 +38,10 @@
@Out(required=false, scope=ScopeType.CONVERSATION)
Order order;
- @In(required=false)
- Long orderId;
-
String track;
+ @NotNull
+ @Length(min=4,max=10)
public String getTrack() {
return track;
}
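Review bot: The `@NotNull` and `@Length(min=4,max=10)` annotations on `getTrack()` replace the explicit empty check that the later `ship()` hunk deletes, but they are enforced only where something actually runs the validator, typically the JSF view. If `ship()` is reachable without that validation step, `order.ship(track)` receives a null or empty tracking number. Keeping a cheap guard in `ship()`, such as `if (track == null || track.length() < 4) return null;`, preserves the server-side check. A short comment on `getTrack()` naming the view that triggers validation would also help.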
@@ -51,17 +51,12 @@
@BeginTask
public String viewTask() {
- order = em.find(Order.class, orderId);
+ order = (Order) Component.getInstance("workingOrder");
return "ship";
}
@EndTask
public String ship() {
- if (track == null || track.length()==0) {
- // invalid message
- return null;
- }
-
order.ship(track);
return "admin";
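Review bot: `viewTask()` now stores the result of `Component.getInstance("workingOrder")` without checking it, and `ship()` dereferences `order` unconditionally. If the name does not resolve in the current context, the cast yields null and `order.ship(track)` fails with a NullPointerException instead of a navigation outcome. A guard such as `if (order == null) return null;` in both methods keeps the failure controlled. It is also worth confirming that `workingOrder` is derived from the task being processed rather than from a request-supplied identifier, since the lookup is no longer visible in this class.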