[seam-commits] Seam SVN: r8561 - in trunk/src/main/org/jboss/seam: security and 1 other directory.
seam-commits at lists.jboss.org
seam-commits at lists.jboss.org
Sun Aug 3 21:12:40 EDT 2008
Author: shane.bryzak at jboss.com
Date: 2008-08-03 21:12:40 -0400 (Sun, 03 Aug 2008)
New Revision: 8561
Added:
trunk/src/main/org/jboss/seam/annotations/security/Admin.java
trunk/src/main/org/jboss/seam/annotations/security/RoleCheck.java
Modified:
trunk/src/main/org/jboss/seam/security/SecurityInterceptor.java
Log:
typesafe role checks
Added: trunk/src/main/org/jboss/seam/annotations/security/Admin.java
===================================================================
--- trunk/src/main/org/jboss/seam/annotations/security/Admin.java (rev 0)
+++ trunk/src/main/org/jboss/seam/annotations/security/Admin.java 2008-08-04 01:12:40 UTC (rev 8561)
@@ -0,0 +1,25 @@
+package org.jboss.seam.annotations.security;
+
+import static java.lang.annotation.ElementType.METHOD;
+import static java.lang.annotation.ElementType.TYPE;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.Inherited;
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+
+/**
+ * Indicates that the action method requires the user to be a member of the 'admin' role to invoke.
+ *
+ * @author Shane Bryzak
+ */
+ at Target({TYPE, METHOD})
+ at Documented
+ at Retention(RUNTIME)
+ at Inherited
+ at RoleCheck
+public @interface Admin
+{
+
+}
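Review bot: `@Inherited` on `Admin` only takes effect when the annotation sits on a superclass. The JDK does not propagate it to overriding methods or from implemented interfaces, even though the target list also allows `METHOD`. A subclass that overrides an `@Admin` method without repeating the annotation may therefore lose the role check, depending on how the interceptor resolves annotations, which is not visible in this commit. The Javadoc should say so, for example `Method-level use is not inherited by overriding methods; re-declare @Admin on the override.`, and it should also cover class-level use, since it currently mentions only "the action method".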
Added: trunk/src/main/org/jboss/seam/annotations/security/RoleCheck.java
===================================================================
--- trunk/src/main/org/jboss/seam/annotations/security/RoleCheck.java (rev 0)
+++ trunk/src/main/org/jboss/seam/annotations/security/RoleCheck.java 2008-08-04 01:12:40 UTC (rev 8561)
@@ -0,0 +1,24 @@
+package org.jboss.seam.annotations.security;
+
+import static java.lang.annotation.ElementType.ANNOTATION_TYPE;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.Inherited;
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+
+/**
+ * Meta-annotation that designates an annotation as being a role,
+ * requiring a security check prior to invoking the annotated method or class
+ *
+ * @author Shane Bryzak
+ */
+ at Target({ANNOTATION_TYPE})
+ at Documented
+ at Retention(RUNTIME)
+ at Inherited
+public @interface RoleCheck
+{
+
+}
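Review bot: The Javadoc for `RoleCheck` does not say how the role name is obtained from an annotation marked with it. Per the SecurityInterceptor change in this same commit, the role is the annotation's simple class name lower-cased, so anyone defining a new role annotation has to know that naming convention. Add a sentence such as `The role name checked is the lower-cased simple name of the annotated annotation type (e.g. @Admin -> "admin").`. Separately, `@Inherited` has no effect on a meta-annotation whose only target is `ANNOTATION_TYPE`, because annotation types cannot extend one another, so it could be dropped to avoid implying otherwise.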
Modified: trunk/src/main/org/jboss/seam/security/SecurityInterceptor.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/SecurityInterceptor.java 2008-08-03 22:08:34 UTC (rev 8560)
+++ trunk/src/main/org/jboss/seam/security/SecurityInterceptor.java 2008-08-04 01:12:40 UTC (rev 8561)
@@ -12,6 +12,7 @@
import org.jboss.seam.annotations.intercept.InterceptorType;
import org.jboss.seam.annotations.security.PermissionCheck;
import org.jboss.seam.annotations.security.Restrict;
+import org.jboss.seam.annotations.security.RoleCheck;
import org.jboss.seam.async.AsynchronousInterceptor;
import org.jboss.seam.intercept.AbstractInterceptor;
import org.jboss.seam.intercept.InvocationContext;
@@ -36,6 +37,7 @@
private Map<String, Object> methodRestrictions;
private Map<Integer,Set<String>> paramRestrictions;
+ private Set<String> roleRestrictions;
public void setExpression(String expression)
{
@@ -52,6 +54,16 @@
methodRestrictions.put(action, target);
}
+ public void addRoleRestriction(String role)
+ {
+ if (roleRestrictions == null)
+ {
+ roleRestrictions = new HashSet<String>();
+ }
+
+ roleRestrictions.add(role);
+ }
+
public void addParameterRestriction(int index, String action)
{
Set<String> actions = null;
@@ -102,6 +114,14 @@
}
}
}
+
+ if (roleRestrictions != null)
+ {
+ for (String role : roleRestrictions)
+ {
+ Identity.instance().checkRole(role);
+ }
+ }
}
}
}
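Review bot: The loop over `roleRestrictions` makes stacked role annotations conjunctive, so the caller must hold every listed role, and it enforces this only if `Identity.instance().checkRole(role)` throws on failure, because its result is not inspected here. Neither assumption is stated, and a reader could reasonably expect "any of these roles" semantics. A short comment above the loop would pin this down, for example `// all role annotations must be satisfied; checkRole() is expected to throw if the role is missing`. The enclosing method starts outside this hunk, so where the check sits relative to the earlier restrictions could not be reviewed.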
@@ -178,6 +198,11 @@
}
}
}
+ if (annotation.annotationType().isAnnotationPresent(RoleCheck.class))
+ {
+ if (restriction == null) restriction = new Restriction();
+ restriction.addRoleRestriction(annotation.annotationType().getSimpleName().toLowerCase());
+ }
}
for (int i = 0; i < method.getParameterAnnotations().length; i++)
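Review bot: `getSimpleName().toLowerCase()` uses the JVM's default locale, so the role name derived from an annotation can differ between hosts. Under a Turkish locale an annotation name containing a capital `I` lower-cases to a dotless `ı` and no longer matches the configured role. That would most likely fail closed, but an authorization decision should not depend on the server's locale, so use `toLowerCase(Locale.ENGLISH)` and add `import java.util.Locale;` if it is not already imported. Using only the simple name also maps two role annotations with the same name in different packages to the same role, which deserves a comment at this line. The enclosing method starts and ends outside the hunk.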