[jboss-user] [JBoss Seam] - Re: External Client and Seam Security
agnadello
do-not-reply at jboss.com
Thu Nov 29 14:02:24 EST 2007
I give up!
Thanks a lot Shane for all your help.
I wasn't able to use the interceptor you suggested. I tried to add it to the default stack by Component.forName("...").addInterceptor(...) but ended up with ArrayIndexOutOfBounds etc.
My second try was to use a regular EJB3 interceptor which does the Seam login/logout and basically all the things in SecurityInterceptor from Seam.
It's really a copy of your code:
| import java.lang.reflect.Method;
|
| import javax.interceptor.AroundInvoke;
| import javax.interceptor.InvocationContext;
|
| import org.jboss.seam.Component;
| import org.jboss.seam.annotations.security.Restrict;
| import org.jboss.seam.security.Identity;
| import org.jboss.seam.util.Strings;
|
| public class ExternalClientSecurityInterceptor {
|
|     @AroundInvoke
|     public Object aroundInvoke(final InvocationContext theInvocationContext)
|             throws Exception {
|
|         try {
|             // Perform a Seam login
|             this.doSeamLogin();
|
|             // Get the invoked method
|             final Method theInterfaceMethod = theInvocationContext.getMethod();
|
|             // TODO: optimize this:
|             // Check if there's a Seam @Restrict annotation on invoked method
|             final Object theTarget = theInvocationContext.getTarget();
|             final Method theMethod = this.getComponent(theTarget)
|                     .getBeanClass().getMethod(theInterfaceMethod.getName(),
|                             theInterfaceMethod.getParameterTypes());
|             final Restrict theRestriction = this.getRestriction(theMethod,
|                     theTarget);
|
|             // Perform security check if a restriction is found
|             if (null != theRestriction && Identity.isSecurityEnabled()) {
|                 // Use the annotation's expression, or build the default one
|                 final String theRestrictionExpression = !Strings
|                         .isEmpty(theRestriction.value()) ? theRestriction
|                         .value() : this.createDefaultExpr(theMethod, theTarget);
|                 Identity.instance().checkRestriction(theRestrictionExpression);
|             }
|             return theInvocationContext.proceed();
|         } finally {
|
|             // Always logout after invocation
|             this.doSeamLogout();
|         }
|     }
|
|     private Component getComponent(final Object theTarget) {
|         // Get the Seam component name of the target class
|         final String theComponentName = Component.getComponentName(theTarget
|                 .getClass());
|         // Return the component
|         return Component.forName(theComponentName);
|     }
|
|     private void doSeamLogin() {
|         // Credentials are hard-coded in this posting; a deployed interceptor
|         // should read them from protected configuration
|         Identity.instance().setUsername("user");
|         Identity.instance().setPassword("Demo987!");
|         Identity.instance().login();
|     }
|
|     private void doSeamLogout() {
|         Identity.instance().logout();
|     }
|
|     private Restrict getRestriction(final Method theMethod,
|             final Object theTarget) {
|         // A method-level @Restrict takes precedence over a class-level one
|         if (theMethod.isAnnotationPresent(Restrict.class)) {
|             return theMethod.getAnnotation(Restrict.class);
|         } else if (this.getComponent(theTarget).getBeanClass()
|                 .isAnnotationPresent(Restrict.class)) {
|             // The class-level restriction does not apply to lifecycle methods
|             if (!this.getComponent(theTarget).isLifecycleMethod(theMethod)) {
|                 return this.getComponent(theTarget).getBeanClass()
|                         .getAnnotation(Restrict.class);
|             }
|         }
|         return null;
|     }
|
|     /**
|      * Creates a default security expression for a specified method. The method
|      * must be a method of a Seam component.
|      *
|      * @param theMethod
|      *            The method for which to create a default permission expression
|      * @param theTarget
|      *            The invoked bean instance, used to look up the Seam component
|      * @return The generated security expression.
|      */
|     private String createDefaultExpr(final Method theMethod,
|             final Object theTarget) {
|         return String.format("#{s:hasPermission('%s','%s', null)}", this
|                 .getComponent(theTarget).getName(), theMethod.getName());
|     }
| }
|
This enabled the recognition of the @Restrict("s:hasRole('user')") annotation on EJB methods.
Next problem - the Drools rules don't seem to work. Well, they work if I run from the JSF's but not from my Quartz POJO job.
I've tried to debug to see how and if my RuleBasedIdentity uses the rules but I got lost in the Drools code :-(
At least I can see that the RuleBasedIdentity is created and that my Drools rule file is read.
I guess I'll use default Java EE security and where I need more advanced security constraints I'll have to implement it myself... too bad.
Is there a possibility to file this feature to JIRA?
Kind regards, Andreas
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4109040#4109040