[jboss-cvs] Picketbox SVN: r267 - in trunk: security-spi/spi/src/main/java/org/jboss/security/javaee and 1 other directory.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue Oct 4 17:14:37 EDT 2011
Author: mmoyses
Date: 2011-10-04 17:14:37 -0400 (Tue, 04 Oct 2011)
New Revision: 267
Modified:
trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/javaee/WebAuthorizationHelper.java
trunk/security-spi/spi/src/main/java/org/jboss/security/javaee/AbstractWebAuthorizationHelper.java
Log:
provide roles to web authorization helper to avoid having to map them again
Modified: trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/javaee/WebAuthorizationHelper.java
===================================================================
--- trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/javaee/WebAuthorizationHelper.java 2011-09-29 13:49:04 UTC (rev 266)
+++ trunk/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/plugins/javaee/WebAuthorizationHelper.java 2011-10-04 21:14:37 UTC (rev 267)
@@ -24,6 +24,7 @@
import java.security.Principal;
import java.util.Collections;
import java.util.HashMap;
+import java.util.List;
import java.util.Map;
import java.util.Set;
@@ -33,6 +34,7 @@
import org.jboss.logging.Logger;
import org.jboss.security.AuthorizationManager;
+import org.jboss.security.SecurityConstants;
import org.jboss.security.audit.AuditLevel;
import org.jboss.security.authorization.AuthorizationContext;
import org.jboss.security.authorization.AuthorizationException;
@@ -40,6 +42,8 @@
import org.jboss.security.authorization.resources.WebResource;
import org.jboss.security.callbacks.SecurityContextCallbackHandler;
import org.jboss.security.identity.RoleGroup;
+import org.jboss.security.identity.plugins.SimpleRole;
+import org.jboss.security.identity.plugins.SimpleRoleGroup;
import org.jboss.security.javaee.AbstractWebAuthorizationHelper;
/**
@@ -62,6 +66,19 @@
String contextID,
String canonicalRequestURI)
{
+ return checkResourcePermission(contextMap, request, response, callerSubject, contextID, canonicalRequestURI, null);
+ }
+
+ @Override
+ public boolean checkResourcePermission(
+ Map<String, Object> contextMap,
+ ServletRequest request,
+ ServletResponse response,
+ Subject callerSubject,
+ String contextID,
+ String canonicalRequestURI,
+ List<String> roles)
+ {
if(contextID == null)
throw new IllegalArgumentException("ContextID is null");
if(request == null)
@@ -85,8 +102,18 @@
webResource.setCallerSubject(callerSubject);
webResource.setCanonicalRequestURI(canonicalRequestURI);
- SecurityContextCallbackHandler sch = new SecurityContextCallbackHandler(this.securityContext);
- RoleGroup callerRoles = authzMgr.getSubjectRoles(callerSubject, sch);
+ SecurityContextCallbackHandler sch = new SecurityContextCallbackHandler(this.securityContext);
+ RoleGroup callerRoles = null;
+ if (roles == null)
+ callerRoles = authzMgr.getSubjectRoles(callerSubject, sch);
+ else
+ {
+ callerRoles = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
+ for (String role : roles)
+ {
+ callerRoles.addRole(new SimpleRole(role));
+ }
+ }
try
{
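Review bot: The `roles != null` branch added here is repeated verbatim in the hasRole and hasUserDataPermission hunks below, and in all three places every list element is wrapped in a `SimpleRole` without being checked. A null entry in the list therefore becomes a role with a null name, and how `SimpleRole` and `RoleGroup.addRole` handle that is not visible in this diff. I would move the logic into one private helper that rejects null entries with the same `IllegalArgumentException` style the methods already use, so the role set that feeds the authorization decision is built in a single place. The enclosing method starts and ends outside this hunk, and the helper below assumes `authzMgr` is the imported `AuthorizationManager`.

```java
SecurityContextCallbackHandler sch = new SecurityContextCallbackHandler(this.securityContext);
RoleGroup callerRoles = resolveCallerRoles(authzMgr, callerSubject, sch, roles);
// … unchanged: try block …

/**
 * Returns the roles used for the authorization decision: the supplied,
 * already-mapped role names when present, otherwise the roles the
 * AuthorizationManager resolves for the subject.
 */
private RoleGroup resolveCallerRoles(AuthorizationManager authzMgr, Subject callerSubject,
      SecurityContextCallbackHandler sch, List<String> roles)
{
   if (roles == null)
      return authzMgr.getSubjectRoles(callerSubject, sch);

   RoleGroup callerRoles = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
   for (String role : roles)
   {
      if (role == null)
         throw new IllegalArgumentException("roles contains a null entry");
      callerRoles.addRole(new SimpleRole(role));
   }
   return callerRoles;
}
```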
@@ -116,6 +143,19 @@
String contextID,
Subject callerSubject)
{
+ return hasRole(roleName, principal, servletName, principalRoles, contextID, callerSubject, null);
+ }
+
+ @Override
+ public boolean hasRole(
+ String roleName,
+ Principal principal,
+ String servletName,
+ Set<Principal> principalRoles,
+ String contextID,
+ Subject callerSubject,
+ List<String> roles)
+ {
if(roleName == null)
throw new IllegalArgumentException("roleName is null");
if(contextID == null)
@@ -143,7 +183,17 @@
webResource.setCallerSubject(callerSubject);
SecurityContextCallbackHandler sch = new SecurityContextCallbackHandler(this.securityContext);
- RoleGroup callerRoles = authzMgr.getSubjectRoles(callerSubject, sch);
+ RoleGroup callerRoles = null;
+ if (roles == null)
+ callerRoles = authzMgr.getSubjectRoles(callerSubject, sch);
+ else
+ {
+ callerRoles = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
+ for (String role : roles)
+ {
+ callerRoles.addRole(new SimpleRole(role));
+ }
+ }
try
{
@@ -171,6 +221,17 @@
String contextID,
Subject callerSubject)
{
+ return hasUserDataPermission(contextMap, request, response, contextID, callerSubject, null);
+ }
+
+ @Override
+ public boolean hasUserDataPermission(Map<String, Object> contextMap,
+ ServletRequest request,
+ ServletResponse response,
+ String contextID,
+ Subject callerSubject,
+ List<String> roles)
+ {
if(contextID == null)
throw new IllegalArgumentException("ContextID is null");
if(callerSubject == null)
@@ -194,7 +255,17 @@
webResource.setCallerSubject(callerSubject);
SecurityContextCallbackHandler sch = new SecurityContextCallbackHandler(this.securityContext);
- RoleGroup callerRoles = authzMgr.getSubjectRoles(callerSubject, sch);
+ RoleGroup callerRoles = null;
+ if (roles == null)
+ callerRoles = authzMgr.getSubjectRoles(callerSubject, sch);
+ else
+ {
+ callerRoles = new SimpleRoleGroup(SecurityConstants.ROLES_IDENTIFIER);
+ for (String role : roles)
+ {
+ callerRoles.addRole(new SimpleRole(role));
+ }
+ }
try
{
Modified: trunk/security-spi/spi/src/main/java/org/jboss/security/javaee/AbstractWebAuthorizationHelper.java
===================================================================
--- trunk/security-spi/spi/src/main/java/org/jboss/security/javaee/AbstractWebAuthorizationHelper.java 2011-09-29 13:49:04 UTC (rev 266)
+++ trunk/security-spi/spi/src/main/java/org/jboss/security/javaee/AbstractWebAuthorizationHelper.java 2011-10-04 21:14:37 UTC (rev 267)
@@ -22,6 +22,7 @@
package org.jboss.security.javaee;
import java.security.Principal;
+import java.util.List;
import java.util.Map;
import java.util.Set;
@@ -68,7 +69,29 @@
ServletResponse response,
Subject callerSubject,
String contextID,
- String canonicalRequestURI);
+ String canonicalRequestURI);
+
+ /**
+ * Validate that the caller has the permission to access a web resource
+ * @param contextMap
+ * @param request
+ * @param response
+ * @param callerSubject
+ * @param contextID
+ * @param canonicalRequestURI
+ * @param roles
+ * @return true - permitted
+ * @throws IllegalArgumentException request, response, callerSubject, contextID or canonicalRequestURI is null
+ * @throws IllegalStateException Authorization Manager from Security Context is null
+ */
+ public abstract boolean checkResourcePermission(
+ Map<String, Object> contextMap,
+ ServletRequest request,
+ ServletResponse response,
+ Subject callerSubject,
+ String contextID,
+ String canonicalRequestURI,
+ List<String> roles);
/**
* Validate that the caller has the required role to access a resource
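Review bot: The new `@param roles` tag has no description, although this parameter changes where the authorization decision gets its roles. The same gap is in the hasRole and hasUserDataPermission Javadoc added further down, which also leave `@return` empty. In the WebAuthorizationHelper implementation a null list falls back to `authzMgr.getSubjectRoles`, while any non-null list, including an empty one, is taken as the caller's complete role set. I would document it as `@param roles the caller's already-mapped role names, or null to resolve them through the AuthorizationManager; must be derived from the authenticated identity, never from request data`, and fill in `@return true if the caller has the role` and `@return true if the transport constraints are met` on the other two.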
@@ -91,6 +114,28 @@
Subject callerSubject);
/**
+ * Validate that the caller has the required role to access a resource
+ * @param roleName
+ * @param principal
+ * @param servletName
+ * @param principalRoles
+ * @param contextID
+ * @param callerSubject
+ * @param roles
+ * @return
+ * @throws IllegalArgumentException roleName, contextID, callerSubject is null
+ * @throws IllegalStateException Authorization Manager from Security Context is null
+ */
+ public abstract boolean hasRole(
+ String roleName,
+ Principal principal,
+ String servletName,
+ Set<Principal> principalRoles,
+ String contextID,
+ Subject callerSubject,
+ List<String> roles);
+
+ /**
* Validate whether the transport constraints are met by the caller
* @param contextMap
* @param request
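Review bot: Declaring the new seven-argument `hasRole` as `abstract`, like the new `checkResourcePermission` and `hasUserDataPermission` overloads in the neighbouring hunks, stops every existing subclass of this SPI class from compiling until it implements all three. Whether subclasses other than WebAuthorizationHelper exist is not visible here. Since the log message describes the list as a way to avoid mapping roles again, a concrete default that ignores it and delegates to the old overload would keep them working: `public boolean hasRole(String roleName, Principal principal, String servletName, Set<Principal> principalRoles, String contextID, Subject callerSubject, List<String> roles) { return hasRole(roleName, principal, servletName, principalRoles, contextID, callerSubject); }`. WebAuthorizationHelper would then invert the delegation as it does now.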
@@ -107,4 +152,24 @@
ServletResponse response,
String contextID,
Subject callerSubject);
+
+ /**
+ * Validate whether the transport constraints are met by the caller
+ * @param contextMap
+ * @param request
+ * @param response
+ * @param contextID
+ * @param callerSubject
+ * @param roles
+ * @return
+ * @throws IllegalArgumentException request, response, callerSubject or contextID is null
+ * @throws IllegalStateException Authorization Manager from Security Context is null
+ */
+ public abstract boolean hasUserDataPermission(
+ Map<String,Object> contextMap,
+ ServletRequest request,
+ ServletResponse response,
+ String contextID,
+ Subject callerSubject,
+ List<String> roles);
}
\ No newline at end of file