[jboss-user] [JBoss Seam] - Re: How to use Seam Extended Security without Rule Engine?
msystems
do-not-reply at jboss.com
Fri Feb 8 06:40:56 EST 2008
"wchico2" wrote : What about the configuration? When using the Rule engine one would specify it in the components.xml. I assume I would leave that out and only specify that I use the basic Seam security despite the application of e.g. s:hasPermission and such.
Just use the 'normal' Seam security configuration:
| <security:identity authenticate-method="#{authenticatorService.authenticate}"/>
|
"wchico2" wrote :
| However, I am not sure if in this case that extended security can really be used. Has anybody tested this approach?
|
Yes, I have :-)
I'm not using this approach anymore - I'm using JBoss Rules.
Here is an example without JBoss Rules - Java based permissions control:
| @Name("org.jboss.seam.security.identity")
| @Scope(ScopeType.SESSION)
| @Install(precedence = Install.APPLICATION)
| @BypassInterceptors
| @Startup
| public class SineIdentity extends Identity {
| private static final LogProvider log = Logging.getLogProvider(SineIdentity.class);
|
| private static Set<String> permissionsMethods = new HashSet<String>();
|
| private Set<String> roles = new HashSet<String>();
|
| static {
| permissionsMethods.add("hasPermissionLms");
| permissionsMethods.add("hasPermissionOrderTerminalsAndAddons");
| permissionsMethods.add("hasPermissionTerminalsConnection");
| permissionsMethods.add("hasPermissionUpdateOperationStatus");
| permissionsMethods.add("hasPermissionViewOperationStatus");
| permissionsMethods.add("hasPermissionUploadDocuments");
| permissionsMethods.add("hasPermissionViewSystemDocuments");
| permissionsMethods.add("hasPermissionViewStandardDocuments");
| permissionsMethods.add("hasPermissionUploadReports");
| permissionsMethods.add("hasPermissionViewDynamicsReports");
| permissionsMethods.add("hasPermissionViewType1Reports");
| permissionsMethods.add("hasPermissionViewType2Reports");
| permissionsMethods.add("hasPermissionQuestionnaireParticipation");
| permissionsMethods.add("hasPermissionUserAdministration");
| permissionsMethods.add("hasPermissionAdministrator"); // Administrator only !
| }
|
| @Override
| public boolean addRole(String role) {
| if (log.isDebugEnabled()) {
| log.debug("Adding role: " + role);
| }
|
| roles.add(role);
| return super.addRole(role);
| }
|
| @Override
| protected boolean evaluateExpression(String expr) {
| if (permissionsMethods.contains(expr)) {
| FacesContext context = FacesContext.getCurrentInstance();
|
| MethodExpression method = context.getApplication().getExpressionFactory().createMethodExpression(
| context.getELContext(), "#{identity." + expr + "}", Boolean.class, new Class[] {});
|
| if (log.isDebugEnabled()) {
| log.debug("SineIdentity: evaluateExpression(String expr) invoked.");
| }
| return (Boolean) method.invoke(FacesContext.getCurrentInstance().getELContext(), new Object[] {});
| } else {
| if (log.isDebugEnabled()) {
| log.debug("Identity: evaluateExpression(String expr) invoked.");
| }
| return super.evaluateExpression(expr);
| }
| }
|
| public boolean hasPermissionLms() {
| if (!isLoggedIn()) {
| if (log.isDebugEnabled()) {
| log.debug("hasPermissionLms: not logged in");
| }
| return false;
| }
|
| boolean hasPermission = false;
| for (String role : roles) {
| if (RolePermissionType.LMS.hasRolePermission(role)) {
| hasPermission = true;
| break;
| }
| }
|
| if (log.isDebugEnabled()) {
| log.debug("hasPermissionLms: " + hasPermission);
| }
| return hasPermission;
| }
|
| public boolean hasPermissionOrderTerminalsAndAddons() {
| if (!isLoggedIn()) {
| if (log.isDebugEnabled()) {
| log.debug("hasPermissionOrderTerminalsAndAddons: not logged in");
| }
| return false;
| }
|
| boolean hasPermission = false;
| for (String role : roles) {
| if (RolePermissionType.ORDER_TERMINALS_AND_ADDONS.hasRolePermission(role)) {
| hasPermission = true;
| break;
| }
| }
|
| if (log.isDebugEnabled()) {
| log.debug("hasPermissionOrderTerminalsAndAddons: " + hasPermission);
| }
| return hasPermission;
| }
|
| public boolean hasPermissionTerminalsConnection() {
| if (!isLoggedIn()) {
| if (log.isDebugEnabled()) {
| log.debug("hasPermissionTerminalsConnection: not logged in");
| }
| return false;
| }
|
| boolean hasPermission = false;
| for (String role : roles) {
| if (RolePermissionType.TERMINALS_CONNECTION.hasRolePermission(role)) {
| hasPermission = true;
| break;
| }
| }
|
| if (log.isDebugEnabled()) {
| log.debug("hasPermissionTerminalsConnection: " + hasPermission);
| }
| return hasPermission;
| }
|
| public boolean hasPermissionUpdateOperationStatus() {
| if (!isLoggedIn()) {
| if (log.isDebugEnabled()) {
| log.debug("hasPermissionUpdateOperationStatus: not logged in");
| }
| return false;
| }
|
| boolean hasPermission = false;
| for (String role : roles) {
| if (RolePermissionType.UPDATE_OPERATION_STATUS.hasRolePermission(role)) {
| hasPermission = true;
| break;
| }
| }
|
| if (log.isDebugEnabled()) {
| log.debug("hasPermissionUpdateOperationStatus: " + hasPermission);
| }
| return hasPermission;
| }
|
| public boolean hasPermissionViewOperationStatus() {
| if (!isLoggedIn()) {
| if (log.isDebugEnabled()) {
| log.debug("hasPermissionViewOperationStatus: not logged in");
| }
| return false;
| }
|
| boolean hasPermission = false;
| for (String role : roles) {
| if (RolePermissionType.VIEW_OPERATION_STATUS.hasRolePermission(role)) {
| hasPermission = true;
| break;
| }
| }
|
| if (log.isDebugEnabled()) {
| log.debug("hasPermissionViewOperationStatus: " + hasPermission);
| }
| return hasPermission;
| }
|
| public boolean hasPermissionUploadDocuments() {
| if (!isLoggedIn()) {
| if (log.isDebugEnabled()) {
| log.debug("hasPermissionUploadDocuments: not logged in");
| }
| return false;
| }
|
| boolean hasPermission = false;
| for (String role : roles) {
| if (RolePermissionType.UPLOAD_DOCUMENTS.hasRolePermission(role)) {
| hasPermission = true;
| break;
| }
| }
|
| if (log.isDebugEnabled()) {
| log.debug("hasPermissionUploadDocuments: " + hasPermission);
| }
| return hasPermission;
| }
|
| public boolean hasPermissionViewSystemDocuments() {
| if (!isLoggedIn()) {
| if (log.isDebugEnabled()) {
| log.debug("hasPermissionViewSystemDocuments: not logged in");
| }
| return false;
| }
|
| boolean hasPermission = false;
| for (String role : roles) {
| if (RolePermissionType.VIEW_SYSTEM_DOCUMENTS.hasRolePermission(role)) {
| hasPermission = true;
| break;
| }
| }
|
| if (log.isDebugEnabled()) {
| log.debug("hasPermissionViewSystemDocuments: " + hasPermission);
| }
| return hasPermission;
| }
|
| public boolean hasPermissionViewStandardDocuments() {
| if (!isLoggedIn()) {
| if (log.isDebugEnabled()) {
| log.debug("hasPermissionViewStandardDocuments: not logged in");
| }
| return false;
| }
|
| boolean hasPermission = false;
| for (String role : roles) {
| if (RolePermissionType.VIEW_STANDARD_DOCUMENTS.hasRolePermission(role)) {
| hasPermission = true;
| break;
| }
| }
|
| if (log.isDebugEnabled()) {
| log.debug("hasPermissionViewStandardDocuments: " + hasPermission);
| }
| return hasPermission;
| }
|
| public boolean hasPermissionUploadReports() {
| if (!isLoggedIn()) {
| if (log.isDebugEnabled()) {
| log.debug("hasPermissionUploadReports: not logged in");
| }
| return false;
| }
|
| boolean hasPermission = false;
| for (String role : roles) {
| if (RolePermissionType.UPLOAD_REPORTS.hasRolePermission(role)) {
| hasPermission = true;
| break;
| }
| }
|
| if (log.isDebugEnabled()) {
| log.debug("hasPermissionUploadReports: " + hasPermission);
| }
| return hasPermission;
| }
|
| public boolean hasPermissionViewDynamicsReports() {
| if (!isLoggedIn()) {
| if (log.isDebugEnabled()) {
| log.debug("hasPermissionViewDynamicsReports: not logged in");
| }
| return false;
| }
|
| boolean hasPermission = false;
| for (String role : roles) {
| if (RolePermissionType.VIEW_DYNAMICS_REPORTS.hasRolePermission(role)) {
| hasPermission = true;
| break;
| }
| }
|
| if (log.isDebugEnabled()) {
| log.debug("hasPermissionViewDynamicsReports: " + hasPermission);
| }
| return hasPermission;
| }
|
| public boolean hasPermissionViewType1Reports() {
| if (!isLoggedIn()) {
| if (log.isDebugEnabled()) {
| log.debug("hasPermissionViewType1Reports: not logged in");
| }
| return false;
| }
|
| boolean hasPermission = false;
| for (String role : roles) {
| if (RolePermissionType.VIEW_TYPE1_REPORTS.hasRolePermission(role)) {
| hasPermission = true;
| break;
| }
| }
|
| if (log.isDebugEnabled()) {
| log.debug("hasPermissionViewType1Reports: " + hasPermission);
| }
| return hasPermission;
| }
|
| public boolean hasPermissionViewType2Reports() {
| if (!isLoggedIn()) {
| if (log.isDebugEnabled()) {
| log.debug("hasPermissionViewType2Reports: not logged in");
| }
| return false;
| }
|
| boolean hasPermission = false;
| for (String role : roles) {
| if (RolePermissionType.VIEW_TYPE2_REPORTS.hasRolePermission(role)) {
| hasPermission = true;
| break;
| }
| }
|
| if (log.isDebugEnabled()) {
| log.debug("hasPermissionViewType2Reports: " + hasPermission);
| }
| return hasPermission;
| }
|
| public boolean hasPermissionQuestionnaireParticipation() {
| if (!isLoggedIn()) {
| if (log.isDebugEnabled()) {
| log.debug("hasPermissionQuestionnaireParticipation: not logged in");
| }
| return false;
| }
|
| boolean hasPermission = false;
| for (String role : roles) {
| if (RolePermissionType.QUESTIONNAIRE_PARTICIPATION.hasRolePermission(role)) {
| hasPermission = true;
| break;
| }
| }
|
| if (log.isDebugEnabled()) {
| log.debug("hasPermissionQuestionnaireParticipation: " + hasPermission);
| }
| return hasPermission;
| }
|
| public boolean hasPermissionUserAdministration() {
| if (!isLoggedIn()) {
| if (log.isDebugEnabled()) {
| log.debug("hasPermissionUserAdministration: not logged in");
| }
| return false;
| }
|
| boolean hasPermission = false;
| for (String role : roles) {
| if (RolePermissionType.USER_ADMINISTRATION.hasRolePermission(role)) {
| hasPermission = true;
| break;
| }
| }
|
| if (log.isDebugEnabled()) {
| log.debug("hasPermissionUserAdministration: " + hasPermission);
| }
| return hasPermission;
| }
|
| public boolean hasPermissionAdministrator() {
| if (!isLoggedIn()) {
| if (log.isDebugEnabled()) {
| log.debug("hasPermissionAdministrator: not logged in");
| }
| return false;
| }
|
| boolean hasPermission = false;
| for (String role : roles) {
| if (RolePermissionType.ADMINISTRATOR.hasRolePermission(role)) {
| hasPermission = true;
| break;
| }
| }
|
| if (log.isDebugEnabled()) {
| log.debug("hasPermissionAdministrator: " + hasPermission);
| }
| return hasPermission;
| }
| }
|
|
Using the permissions in Java source:
| @Restrict("hasPermissionUserAdministration")
| public String createUser() {
| ...
| ....
| }
|
Using the permissions in pages.xml:
| <page view-id="/xhtml/sec/admin/createUser.jspx">
| <restrict>hasPermissionUserAdministration</restrict>
|
| <navigation>
| <rule if-outcome="success">
| <render view-id="/xhtml/sec/admin/successful.jspx"/>
| </rule>
|
| <rule if-outcome="fail">
| <render view-id="/xhtml/sec/admin/fails.jspx"/>
| </rule>
| </navigation>
| </page>
|
Using the permissions in .xhtml:
| <s:fragment rendered="#{identity.hasPermissionUserAdministration()}">
| <li>
| <s:link id="m1" value="#{messages.adminLeftMenuCreateUserTitle}" action="#{leftMenuUi.setMenuId('m1')}" view="/xhtml/sec/admin/createUser.jspx" propagation="none"/>
| </li>
| </s:fragment>
|
But again, I recommend you to use JBoss Rules :-)
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4127765#4127765
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4127765
More information about the jboss-user
mailing list