[jboss-svn-commits] JBL Code SVN: r18680 - in labs/jbosslabs/labs-3.0-build/views/admin/src/main: webapp/WEB-INF and 3 other directories.
jboss-svn-commits at lists.jboss.org
jboss-svn-commits at lists.jboss.org
Tue Mar 4 17:51:58 EST 2008
Author: wrzep
Date: 2008-03-04 17:51:58 -0500 (Tue, 04 Mar 2008)
New Revision: 18680
Added:
labs/jbosslabs/labs-3.0-build/views/admin/src/main/java/org/jboss/labs/admin/auth/SecurityManager.java
Modified:
labs/jbosslabs/labs-3.0-build/views/admin/src/main/java/org/jboss/labs/admin/auth/Authenticator.java
labs/jbosslabs/labs-3.0-build/views/admin/src/main/webapp/WEB-INF/components.xml
labs/jbosslabs/labs-3.0-build/views/admin/src/main/webapp/WEB-INF/pages.xml
labs/jbosslabs/labs-3.0-build/views/admin/src/main/webapp/WEB-INF/web.xml
labs/jbosslabs/labs-3.0-build/views/admin/src/main/webapp/jbpm/createProject.jpdl.xml
labs/jbosslabs/labs-3.0-build/views/admin/src/main/webapp/jbpm/joinProject.jpdl.xml
labs/jbosslabs/labs-3.0-build/views/admin/src/main/webapp/layout/template.xhtml
labs/jbosslabs/labs-3.0-build/views/admin/src/main/webapp/project/projects.xhtml
Log:
JBLAB-931 basic security checks in jbpm and view
Modified: labs/jbosslabs/labs-3.0-build/views/admin/src/main/java/org/jboss/labs/admin/auth/Authenticator.java
===================================================================
--- labs/jbosslabs/labs-3.0-build/views/admin/src/main/java/org/jboss/labs/admin/auth/Authenticator.java 2008-03-04 16:24:20 UTC (rev 18679)
+++ labs/jbosslabs/labs-3.0-build/views/admin/src/main/java/org/jboss/labs/admin/auth/Authenticator.java 2008-03-04 22:51:58 UTC (rev 18680)
@@ -27,9 +27,12 @@
import org.jboss.labs.admin.Pages;
import org.jboss.labs.auth.UserService;
import org.jboss.labs.core.model.auth.User;
+import org.jboss.labs.core.model.auth.UserRole;
+import org.jboss.labs.core.service.ProjectService;
import org.jboss.labs.exception.auth.NoSuchUserException;
import org.jboss.labs.injection.seam.Guice;
import org.jboss.seam.ScopeType;
+import org.jboss.seam.security.Identity;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Logger;
import org.jboss.seam.annotations.Name;
@@ -42,6 +45,8 @@
import javax.faces.context.FacesContext;
import java.io.IOException;
import java.security.Principal;
+import java.util.Set;
+import java.util.Collection;
@Name("authenticator")
@@ -54,28 +59,41 @@
@In private FacesContext facesContext;
- @Inject UserService userService;
+ @Inject private UserService userService;
+ @Inject private ProjectService projectService;
+
@In private Session session;
@Logger private Log log;
public void autoLogin() throws NoSuchUserException {
- Principal p = facesContext.getExternalContext().getUserPrincipal();
- String login = p.getName();
+ System.out.println("Authenticator.autoLogin");
- if ((actor.getId() == null) || (!actor.getId().equals(login))) {
-
+ final Principal p = facesContext.getExternalContext().getUserPrincipal();
+ final String login = p.getName();
+
+ //if ((actor.getId() == null) || (!actor.getId().equals(login))) {
actor.setId(login);
+ //}
- // TODO call AuthService to check if the current user can accept projects
- actor.getGroupActorIds().add("reviewer");
- }
-
if (user == null) {
user = userService.getUserByLogin(login);
}
+
+ final Set<UserRole> roles = user.getUserRoles();
+ for (UserRole role : roles) {
+ actor.getGroupActorIds().add(role.getId());
+ }
+
+ final Collection<String> projectIds = projectService.getProjectIds();
+ for (String projectId : projectIds) {
+ if (userService.getSuperusersForProject(projectId).contains(user)) {
+ final String roleName = projectId + "_" + "SUPERUSER";
+ actor.getGroupActorIds().add(roleName);
+ }
+ }
}
public String logout() {
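Review bot: Group ids are only ever added to `actor.getGroupActorIds()` in `autoLogin`, so with the `actor.getId()` guard commented out the method re-runs on each call, yet a role or project-superuser membership that has since been revoked stays on the actor until `logout()` clears the set. Rebuilding the set keeps it in step with the user record, e.g. `actor.getGroupActorIds().clear();` just before the `for (UserRole role : roles)` loop. `facesContext.getExternalContext().getUserPrincipal()` can return null for an unauthenticated request, so `p.getName()` needs a null guard if any view reaches this method outside the container's security constraint. The `System.out.println("Authenticator.autoLogin");` line should go through the injected logger instead, `log.debug("Authenticator.autoLogin");`, and the commented-out `if` should be deleted rather than left in place.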
@@ -83,7 +101,7 @@
actor.setId(null);
actor.getGroupActorIds().clear();
- ExternalContext externalContext = facesContext.getExternalContext();
+ ExternalContext externalContext = facesContext.getExternalContext();
try {
session.invalidate();
externalContext.redirect("josso_logout/");
Added: labs/jbosslabs/labs-3.0-build/views/admin/src/main/java/org/jboss/labs/admin/auth/SecurityManager.java
===================================================================
--- labs/jbosslabs/labs-3.0-build/views/admin/src/main/java/org/jboss/labs/admin/auth/SecurityManager.java (rev 0)
+++ labs/jbosslabs/labs-3.0-build/views/admin/src/main/java/org/jboss/labs/admin/auth/SecurityManager.java 2008-03-04 22:51:58 UTC (rev 18680)
@@ -0,0 +1,44 @@
+/*
+* JBoss Labs. http://labs.jboss.com/jbosslabs
+*
+* Copyright © 2008 Red Hat Middleware, LLC. All rights reserved.
+*
+* This copyrighted material is made available to anyone wishing to use,
+* modify, copy, or redistribute it subject to the terms and conditions
+* of the GNU Lesser General Public License, v. 2.1.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT A WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License, v.2.1 along with this distribution; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+* 02110-1301, USA.
+*
+* Red Hat Author(s): Bob McWhirter, Przemyslaw Dej, Ryszard Kozmik,
+* Tomasz Szymanski, Adam Warski, Pawel Wrzeszcz
+*/
+
+package org.jboss.labs.admin.auth;
+
+import org.jboss.seam.annotations.In;
+import org.jboss.seam.annotations.Name;
+import org.jboss.seam.security.Identity;
+import org.jboss.seam.bpm.Actor;
+
+
+ at Name("securityManager")
+public class SecurityManager {
+
+ @In private Actor actor;
+
+ public boolean canEdit(String projectId) {
+
+ final String editRole = projectId + "_" + "SUPERUSER";
+
+ return actor.getGroupActorIds().contains(editRole);
+ //|| identity.hasRole("Administrators");
+ }
+}
\ No newline at end of file
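Review bot: The `projectId + "_" + "SUPERUSER"` naming rule in `canEdit` is a second copy of the one in `Authenticator.autoLogin` (a third lives in joinProject.jpdl.xml), and the resulting names share one string namespace with the global `UserRole` ids that `autoLogin` puts into the same set. If role ids and project ids are not constrained elsewhere, a global role whose id happens to have the form `<projectId>_SUPERUSER` would satisfy this check for that project; one shared helper for building the name, with a prefix that global role ids cannot use, would remove the ambiguity. The commented-out `//|| identity.hasRole("Administrators");` leaves the `Identity` import unused and means administrators get no edit right here unless they are also project superusers, so it should be either wired up or deleted. The class also has no Javadoc saying that the answer reflects the group ids loaded by `autoLogin`, and its simple name shadows `java.lang.SecurityManager` inside this package, so a more specific name is worth considering.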
Modified: labs/jbosslabs/labs-3.0-build/views/admin/src/main/webapp/WEB-INF/components.xml
===================================================================
--- labs/jbosslabs/labs-3.0-build/views/admin/src/main/webapp/WEB-INF/components.xml 2008-03-04 16:24:20 UTC (rev 18679)
+++ labs/jbosslabs/labs-3.0-build/views/admin/src/main/webapp/WEB-INF/components.xml 2008-03-04 22:51:58 UTC (rev 18680)
@@ -58,9 +58,11 @@
</bpm:process-definitions>
</bpm:jbpm>
- <!-- email addresses -->
- <factory name="emailFrom" value="jboss at o2.pl" scope="APPLICATION"/>
- <factory name="emailIT" value="jboss at o2.pl" scope="APPLICATION"/>
- <factory name="emailReplyTo" value="jboss at o2.pl" scope="APPLICATION"/>
+ <!--<security:identity authenticate-method="#{authenticator.authenticate}"/> -->
+ <!-- email addresses -->
+ <factory name="emailFrom" value="jboss at o2.pl" scope="APPLICATION"/>
+ <factory name="emailIT" value="jboss at o2.pl" scope="APPLICATION"/>
+ <factory name="emailReplyTo" value="jboss at o2.pl" scope="APPLICATION"/>
+
</components>
Modified: labs/jbosslabs/labs-3.0-build/views/admin/src/main/webapp/WEB-INF/pages.xml
===================================================================
--- labs/jbosslabs/labs-3.0-build/views/admin/src/main/webapp/WEB-INF/pages.xml 2008-03-04 16:24:20 UTC (rev 18679)
+++ labs/jbosslabs/labs-3.0-build/views/admin/src/main/webapp/WEB-INF/pages.xml 2008-03-04 22:51:58 UTC (rev 18680)
@@ -4,6 +4,8 @@
xsi:schemaLocation="http://jboss.com/products/seam/pages http://jboss.com/products/seam/pages-2.0.xsd"
no-conversation-view-id="/home.xhtml">
+ <page view-id="/*" action="#{authenticator.autoLogin()}"/>
+
<exception class="org.jboss.labs.exception.admin.ProjectNotFoundException">
<redirect view-id="/error.xhtml">
<message>Project not found</message>
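Review bot: The `/*` page action makes `autoLogin` run before every view, which includes `/error.xhtml`, the target of the exception redirect just below it. `autoLogin` is declared `throws NoSuchUserException` and dereferences the user principal, so a failure there would presumably recur while the error view is being prepared instead of showing the message; no mapping for `NoSuchUserException` is visible in these lines. I would add a comment such as `<!-- runs on every view, including /error.xhtml: autoLogin must not throw for unknown or unauthenticated users -->` and make the method tolerate those cases. The hunk ends inside the `<exception>` element, so the remaining mappings are not visible here.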
Modified: labs/jbosslabs/labs-3.0-build/views/admin/src/main/webapp/WEB-INF/web.xml
===================================================================
--- labs/jbosslabs/labs-3.0-build/views/admin/src/main/webapp/WEB-INF/web.xml 2008-03-04 16:24:20 UTC (rev 18679)
+++ labs/jbosslabs/labs-3.0-build/views/admin/src/main/webapp/WEB-INF/web.xml 2008-03-04 22:51:58 UTC (rev 18680)
@@ -62,7 +62,11 @@
<security-role-ref>
<role-name>Users</role-name>
<role-link>Users</role-link>
- </security-role-ref>
+ </security-role-ref>
+ <security-role-ref>
+ <role-name>Administrators</role-name>
+ <role-link>Administrators</role-link>
+ </security-role-ref>
</servlet>
<servlet-mapping>
@@ -95,11 +99,15 @@
</web-resource-collection>
<auth-constraint>
<role-name>Users</role-name>
- </auth-constraint>
+ <role-name>Administrators</role-name>
+ </auth-constraint>
</security-constraint>
<security-role>
- <role-name>Users</role-name>
+ <role-name>Users</role-name>
</security-role>
+ <security-role>
+ <role-name>Administrators</role-name>
+ </security-role>
</web-app>
Modified: labs/jbosslabs/labs-3.0-build/views/admin/src/main/webapp/jbpm/createProject.jpdl.xml
===================================================================
--- labs/jbosslabs/labs-3.0-build/views/admin/src/main/webapp/jbpm/createProject.jpdl.xml 2008-03-04 16:24:20 UTC (rev 18679)
+++ labs/jbosslabs/labs-3.0-build/views/admin/src/main/webapp/jbpm/createProject.jpdl.xml 2008-03-04 22:51:58 UTC (rev 18680)
@@ -12,7 +12,7 @@
<task-node name="decide">
<task name="approve" description="Request to create new project: '#{projectRequest.name}'">
- <assignment pooled-actors="reviewer"/>
+ <assignment pooled-actors="Administrators"/>
</task>
<transition name="approve" to="done">
<action expression="#{notifier.projectApproved}"/>
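Review bot: Changing `pooled-actors` from `reviewer` to `Administrators` ties this task to the literal id of a `UserRole`, since `Authenticator.autoLogin` now fills the actor's groups from `role.getId()` and no longer adds `reviewer`. Task instances created under the old definition would still be pooled to `reviewer`, which no actor receives after this commit, so they may need reassigning when this is deployed. A comment next to the assignment, e.g. `<!-- must match the UserRole id used for administrators -->`, would make the coupling visible; the same applies to the `Administrators` entry in joinProject.jpdl.xml.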
Modified: labs/jbosslabs/labs-3.0-build/views/admin/src/main/webapp/jbpm/joinProject.jpdl.xml
===================================================================
--- labs/jbosslabs/labs-3.0-build/views/admin/src/main/webapp/jbpm/joinProject.jpdl.xml 2008-03-04 16:24:20 UTC (rev 18679)
+++ labs/jbosslabs/labs-3.0-build/views/admin/src/main/webapp/jbpm/joinProject.jpdl.xml 2008-03-04 22:51:58 UTC (rev 18680)
@@ -12,7 +12,7 @@
<task-node name="decide">
<task name="approve" description="User '#{joinRequest.username}' wants to join project '#{joinRequest.projectId}'">
- <assignment pooled-actors="reviewer"/>
+ <assignment pooled-actors="#{joinRequest.projectId}_SUPERUSER, Administrators"/>
</task>
<transition name="approve" to="done">
<action expression="#{joinNotifier.approved}"/>
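Review bot: `#{joinRequest.projectId}` is interpolated into the comma-separated `pooled-actors` list, so its value decides which group may approve the request. If `projectId` originates from the requester's input, it should be checked against the known project ids (for instance those returned by `projectService.getProjectIds()`) before the process instance is started, because an unexpected value would route the approval to a pool other than the intended project's superusers. The `_SUPERUSER` suffix here also has to stay identical to the one built in `Authenticator` and `SecurityManager`, which a short comment on the assignment should state.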
Modified: labs/jbosslabs/labs-3.0-build/views/admin/src/main/webapp/layout/template.xhtml
===================================================================
--- labs/jbosslabs/labs-3.0-build/views/admin/src/main/webapp/layout/template.xhtml 2008-03-04 16:24:20 UTC (rev 18679)
+++ labs/jbosslabs/labs-3.0-build/views/admin/src/main/webapp/layout/template.xhtml 2008-03-04 22:51:58 UTC (rev 18680)
@@ -14,8 +14,6 @@
</head>
<body>
- <!-- <h:outputText value="#{authenticator.autoLogin()}" rendered="#{empty actor.id}"/> -->
-
<ui:include src="menu.xhtml">
<ui:param name="projectName" value="admin"/>
</ui:include>
Modified: labs/jbosslabs/labs-3.0-build/views/admin/src/main/webapp/project/projects.xhtml
===================================================================
--- labs/jbosslabs/labs-3.0-build/views/admin/src/main/webapp/project/projects.xhtml 2008-03-04 16:24:20 UTC (rev 18679)
+++ labs/jbosslabs/labs-3.0-build/views/admin/src/main/webapp/project/projects.xhtml 2008-03-04 22:51:58 UTC (rev 18680)
@@ -25,7 +25,7 @@
<f:facet name="header">Name</f:facet>
<h:outputText value="#{project.name} "/>
<h:commandLink value="[edit]" action="#{viewProject.view(project.projectId)}"
- rendered="#{true}"/>
+ rendered="#{securityManager.canEdit(project.projectId)}"/>
</h:column>
</h:dataTable>
</h:form>
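Review bot: `rendered="#{securityManager.canEdit(project.projectId)}"` only hides the `[edit]` link; it does not stop `viewProject.view(...)` or the edit view itself from being invoked for a project the user is not a superuser of. The `viewProject` component is outside this diff, so whether it performs its own check cannot be told from here; if it does not, the same `canEdit` test belongs at the start of that action and on the edit page. A comment above the link, `<!-- display only: the edit action must enforce canEdit itself -->`, would record that.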