[seam-commits] Seam SVN: r7158 - trunk/src/main/org/jboss/seam/security.
seam-commits at lists.jboss.org
seam-commits at lists.jboss.org
Sun Jan 20 01:41:40 EST 2008
Author: shane.bryzak at jboss.com
Date: 2008-01-20 01:41:39 -0500 (Sun, 20 Jan 2008)
New Revision: 7158
Added:
trunk/src/main/org/jboss/seam/security/RunAsOperation.java
Modified:
trunk/src/main/org/jboss/seam/security/Identity.java
trunk/src/main/org/jboss/seam/security/RuleBasedIdentity.java
Log:
JBSEAM-737
Modified: trunk/src/main/org/jboss/seam/security/Identity.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/Identity.java 2008-01-19 22:52:43 UTC (rev 7157)
+++ trunk/src/main/org/jboss/seam/security/Identity.java 2008-01-20 06:41:39 UTC (rev 7158)
@@ -608,6 +608,25 @@
{
this.jaasConfigName = jaasConfigName;
}
+
+ synchronized void runAs(RunAsOperation operation)
+ {
+ Principal savedPrincipal = getPrincipal();
+ Subject savedSubject = getSubject();
+
+ try
+ {
+ principal = operation.getPrincipal();
+ subject = operation.getSubject();
+
+ operation.execute();
+ }
+ finally
+ {
+ principal = savedPrincipal;
+ subject = savedSubject;
+ }
+ }
public void checkEntityPermission(Object entity, EntityAction action)
{
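Review bot: The `synchronized` modifier on `runAs` only serialises callers of `runAs` itself. While `operation.execute()` runs, `principal` and `subject` hold the operation's values, so any unsynchronized reader of this Identity on another thread would presumably see the substituted identity; the field declarations and other accessors are outside this hunk, so this is inferred. Both `operation.getPrincipal()` and `operation.getSubject()` are overridable in `RunAsOperation` and are assigned here without a null check, so I would reject nulls up front, e.g. `if (operation.getSubject() == null) throw new IllegalArgumentException("subject");`. The method also has no Javadoc; something like `/** Temporarily replaces this identity's principal and subject with those of the operation while it executes; the previous values are restored in the finally block. */` would state the contract.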
Modified: trunk/src/main/org/jboss/seam/security/RuleBasedIdentity.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/RuleBasedIdentity.java 2008-01-19 22:52:43 UTC (rev 7157)
+++ trunk/src/main/org/jboss/seam/security/RuleBasedIdentity.java 2008-01-20 06:41:39 UTC (rev 7158)
@@ -11,6 +11,8 @@
import java.util.Iterator;
import java.util.List;
+import javax.security.auth.Subject;
+
import org.drools.FactHandle;
import org.drools.RuleBase;
import org.drools.StatefulSession;
@@ -118,6 +120,8 @@
if (securityContext == null) return false;
+ synchronizeContext();
+
List<FactHandle> handles = new ArrayList<FactHandle>();
PermissionCheck check = new PermissionCheck(name, action);
@@ -196,18 +200,12 @@
@Override
public boolean addRole(String role)
{
- if (super.addRole(role))
+ if (super.addRole(role))
{
- StatefulSession securityContext = getSecurityContext();
-
- if (securityContext != null)
- {
- getSecurityContext().insert(new Role(role));
- getSecurityContext().fireAllRules();
- return true;
- }
+ synchronizeContext();
+ return true;
}
-
+
return false;
}
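Review bot: The rewritten `addRole` calls `synchronizeContext()` without the `securityContext != null` guard that the removed lines had, and `removeRole` in the next hunk does the same, while `synchronizeContext()` itself dereferences `getSecurityContext()` unguarded. The permission-check hunk above still returns early on a null context, which suggests null is a reachable state. If so, both role methods could throw NullPointerException after `super.addRole` or `super.removeRole` has already changed the subject. A guard at the top of `synchronizeContext()`, `if (getSecurityContext() == null) return;`, would restore the old tolerance. Note also that `addRole` now returns true whenever `super.addRole(role)` succeeds, where it previously returned false if the context was absent.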
@@ -215,24 +213,56 @@
@Override
public void removeRole(String role)
{
- StatefulSession securityContext = getSecurityContext();
-
- if (securityContext != null)
+ super.removeRole(role);
+ synchronizeContext();
+ }
+
+ /**
+ * Synchronizes the state of the security context with that of the subject
+ */
+ private void synchronizeContext()
+ {
+ for ( Group sg : getSubject().getPrincipals(Group.class) )
{
- Iterator<Role> iter = securityContext.iterateObjects(new ClassObjectFilter(Role.class));
- while (iter.hasNext())
+ if ( ROLES_GROUP.equals( sg.getName() ) )
{
- Role r = iter.next();
- if (r.getName().equals(role))
+ Enumeration e = sg.members();
+ while (e.hasMoreElements())
{
- FactHandle fh = getSecurityContext().getFactHandle(r);
- getSecurityContext().retract(fh);
- break;
+ Principal role = (Principal) e.nextElement();
+
+ boolean found = false;
+ Iterator<Role> iter = getSecurityContext().iterateObjects(new ClassObjectFilter(Role.class));
+ while (iter.hasNext())
+ {
+ Role r = iter.next();
+ if (r.getName().equals(role.getName()))
+ {
+ FactHandle fh = getSecurityContext().getFactHandle(r);
+ found = true;
+ break;
+ }
+ }
+
+ if (!found)
+ {
+ getSecurityContext().insert(new Role(role.getName()));
+ }
+
}
}
+ }
+
+ Iterator<Role> iter = getSecurityContext().iterateObjects(new ClassObjectFilter(Role.class));
+ while (iter.hasNext())
+ {
+ Role r = iter.next();
+ if (!super.hasRole(r.getName()))
+ {
+ FactHandle fh = getSecurityContext().getFactHandle(r);
+ getSecurityContext().retract(fh);
+ }
}
-
- super.removeRole(role);
}
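Review bot: The final loop of `synchronizeContext()` calls `retract(fh)` while still iterating over `iterateObjects(...)`, whereas the removed `removeRole` code always hit `break` right after its single retract. Whether the Drools iterator tolerates removal mid-iteration is not visible here, so collecting the stale handles first and retracting afterwards is the safer shape. A skipped or failed retract would leave a revoked role as a fact in the security context. Separately, the `FactHandle fh` assigned inside the `found` loop is never used and can be dropped, and the raw `Enumeration e` could be typed.

```java
// … unchanged: insertion of Role facts missing from the context …
List<FactHandle> stale = new ArrayList<FactHandle>();
Iterator<Role> iter = getSecurityContext().iterateObjects(new ClassObjectFilter(Role.class));
while (iter.hasNext())
{
   Role r = iter.next();
   if (!super.hasRole(r.getName()))
   {
      stale.add(getSecurityContext().getFactHandle(r));
   }
}
// retract only after iteration has finished
for (FactHandle fh : stale)
{
   getSecurityContext().retract(fh);
}
```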
Added: trunk/src/main/org/jboss/seam/security/RunAsOperation.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/RunAsOperation.java (rev 0)
+++ trunk/src/main/org/jboss/seam/security/RunAsOperation.java 2008-01-20 06:41:39 UTC (rev 7158)
@@ -0,0 +1,72 @@
+package org.jboss.seam.security;
+
+import java.security.Principal;
+import java.security.acl.Group;
+
+import javax.security.auth.Subject;
+
+/**
+ * Defines a security operation that can be executed within a particular
+ * security context.
+ *
+ * @author Shane Bryzak
+ */
+public abstract class RunAsOperation
+{
+ private Principal principal;
+ private Subject subject;
+
+ public RunAsOperation()
+ {
+ principal = new SimplePrincipal(null);
+ subject = new Subject();
+ }
+
+ public abstract void execute();
+
+ public Principal getPrincipal()
+ {
+ return principal;
+ }
+
+ public Subject getSubject()
+ {
+ return subject;
+ }
+
+ public String[] getRoles()
+ {
+ return null;
+ }
+
+ private boolean addRole(String role)
+ {
+ for ( Group sg : getSubject().getPrincipals(Group.class) )
+ {
+ if ( Identity.ROLES_GROUP.equals( sg.getName() ) )
+ {
+ return sg.addMember(new SimplePrincipal(role));
+ }
+ }
+
+ SimpleGroup roleGroup = new SimpleGroup(Identity.ROLES_GROUP);
+ roleGroup.addMember(new SimplePrincipal(role));
+ getSubject().getPrincipals().add(roleGroup);
+
+ return true;
+ }
+
+ public void run()
+ {
+ String[] roles = getRoles();
+ if (roles != null)
+ {
+ for (String role : getRoles())
+ {
+ addRole(role);
+ }
+ }
+
+ Identity.instance().runAs(this);
+ }
+}
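Review bot: In `run()` the null check is made on the local `roles`, but the loop then iterates a second call to `getRoles()`. Because `getRoles()` is an overridable public method, the second call may return null or a different set than the one checked; `for (String role : roles)` keeps the check and the grant consistent. The class Javadoc should also say that the roles returned by `getRoles()` are added to the operation's `Subject` and are in effect for the duration of `execute()`, since that is the privilege boundary subclass authors need to understand. `getRoles()` returning `null` by default and `new SimplePrincipal(null)` in the constructor are worth a one-line comment each, e.g. `// no roles by default; subclasses override to grant roles for execute()`.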