[seam-commits] Seam SVN: r8092 - in trunk/src/main/org/jboss/seam: security and 1 other directories.
seam-commits at lists.jboss.org
seam-commits at lists.jboss.org
Thu May 1 04:41:03 EDT 2008
Author: shane.bryzak at jboss.com
Date: 2008-05-01 04:41:03 -0400 (Thu, 01 May 2008)
New Revision: 8092
Added:
trunk/src/main/org/jboss/seam/annotations/security/management/RoleConditional.java
trunk/src/main/org/jboss/seam/security/permission/RoleCheck.java
Modified:
trunk/src/main/org/jboss/seam/security/Role.java
trunk/src/main/org/jboss/seam/security/permission/PersistentPermissionResolver.java
trunk/src/main/org/jboss/seam/security/permission/RuleBasedPermissionResolver.java
Log:
changed some terminology, implemented conditional roles
Added: trunk/src/main/org/jboss/seam/annotations/security/management/RoleConditional.java
===================================================================
--- trunk/src/main/org/jboss/seam/annotations/security/management/RoleConditional.java (rev 0)
+++ trunk/src/main/org/jboss/seam/annotations/security/management/RoleConditional.java 2008-05-01 08:41:03 UTC (rev 8092)
@@ -0,0 +1,6 @@
+package org.jboss.seam.annotations.security.management;
+
+public @interface RoleConditional
+{
+
+}
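Review bot: `RoleConditional` is declared without `@Retention` or `@Target`, so it gets the default class-file retention and is not visible to reflection at runtime. No reader of the annotation is shown in this commit, but if the identity-management code is meant to discover it reflectively, add `@Retention(RetentionPolicy.RUNTIME)` and a `@Target` naming the element types it is intended for. Because the body is empty, a short Javadoc stating what marking a member as role-conditional means would also help.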
Modified: trunk/src/main/org/jboss/seam/security/Role.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/Role.java 2008-05-01 04:30:06 UTC (rev 8091)
+++ trunk/src/main/org/jboss/seam/security/Role.java 2008-05-01 08:41:03 UTC (rev 8092)
@@ -1,28 +1,28 @@
package org.jboss.seam.security;
/**
- * Represents a user role. A dynamic role is a special type of role that is assigned to a user
+ * Represents a user role. A conditional role is a special type of role that is assigned to a user
* based on the contextual state of a permission check.
*
* @author Shane Bryzak
*/
public class Role extends SimplePrincipal
{
- private boolean dynamic;
+ private boolean conditional;
public Role(String name)
{
super(name);
}
- public Role(String name, boolean dynamic)
+ public Role(String name, boolean conditional)
{
this(name);
- this.dynamic = true;
+ this.conditional = true;
}
- public boolean isDynamic()
+ public boolean isConditional()
{
- return dynamic;
+ return conditional;
}
}
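Review bot: The two-argument constructor still ignores its parameter: `this.conditional = true;` makes `new Role(name, false)` a conditional role. The rename carries the old behaviour forward unchanged; the assignment should be `this.conditional = conditional;`. This matters for authorization because PersistentPermissionResolver branches on `isConditional()` to decide whether a role is evaluated by rules or by `identity.hasRole()`, so a misclassified role takes the wrong path.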
Modified: trunk/src/main/org/jboss/seam/security/permission/PersistentPermissionResolver.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/PersistentPermissionResolver.java 2008-05-01 04:30:06 UTC (rev 8091)
+++ trunk/src/main/org/jboss/seam/security/permission/PersistentPermissionResolver.java 2008-05-01 08:41:03 UTC (rev 8092)
@@ -97,9 +97,10 @@
{
Role role = (Role) permission.getRecipient();
- if (role.isDynamic())
+ if (role.isConditional())
{
- // TODO implement dynamic permissions
+ RuleBasedPermissionResolver resolver = RuleBasedPermissionResolver.instance();
+ return resolver.checkConditionalRole(role.getName(), target, action);
}
else if (identity.hasRole(role.getName()))
{
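Review bot: The new branch returns the result of `checkConditionalRole` unconditionally, so a conditional role that is not granted ends the whole check with `false`. The enclosing method starts and ends outside this hunk, but if this code runs once per stored permission (it reads `permission.getRecipient()`), any later permission that would grant access is never examined. Returning only on success would keep it in line with the `identity.hasRole` branch, assuming that branch returns true on a match: `if (resolver.checkConditionalRole(role.getName(), target, action)) return true;`.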
Added: trunk/src/main/org/jboss/seam/security/permission/RoleCheck.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/RoleCheck.java (rev 0)
+++ trunk/src/main/org/jboss/seam/security/permission/RoleCheck.java 2008-05-01 08:41:03 UTC (rev 8092)
@@ -0,0 +1,34 @@
+package org.jboss.seam.security.permission;
+
+import java.io.Serializable;
+
+/**
+ * Used when performing rule-based dynamic role checks
+ *
+ * @author Shane Bryzak
+ */
+public class RoleCheck implements Serializable
+{
+ private String name;
+ private boolean granted;
+
+ public RoleCheck(String name)
+ {
+ this.name = name;
+ }
+
+ public boolean isGranted()
+ {
+ return granted;
+ }
+
+ public void grant()
+ {
+ this.granted = true;
+ }
+
+ public void revoke()
+ {
+ this.granted = false;
+ }
+}
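Review bot: `name` is stored but has no accessor, so nothing outside the class can tell which role a `RoleCheck` is asking about. Rules that match on this fact would presumably need the role name to avoid granting every conditional role alike; add `public String getName() { return name; }` and make the field `final`. The class Javadoc still says "dynamic role checks" although this commit renames the concept to conditional. Since the class is `Serializable`, declaring a `serialVersionUID` is also worth doing.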
Modified: trunk/src/main/org/jboss/seam/security/permission/RuleBasedPermissionResolver.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/permission/RuleBasedPermissionResolver.java 2008-05-01 04:30:06 UTC (rev 8091)
+++ trunk/src/main/org/jboss/seam/security/permission/RuleBasedPermissionResolver.java 2008-05-01 08:41:03 UTC (rev 8092)
@@ -106,8 +106,7 @@
{
handles.add( securityContext.insert(target) );
}
-
- if (target instanceof Class)
+ else if (target instanceof Class)
{
String componentName = Seam.getComponentName((Class) target);
target = componentName != null ? componentName : ((Class) target).getName();
@@ -117,19 +116,69 @@
synchronized( securityContext )
{
- synchronizeContext();
-
- handles.add( securityContext.insert(check) );
-
- securityContext.fireAllRules();
+ try
+ {
+ synchronizeContext();
+
+ handles.add( securityContext.insert(check) );
- for (FactHandle handle : handles)
- securityContext.retract(handle);
+ securityContext.fireAllRules();
+ }
+ finally
+ {
+ for (FactHandle handle : handles)
+ {
+ securityContext.retract(handle);
+ }
+ }
}
return check.isGranted();
}
+ public boolean checkConditionalRole(String roleName, Object target, String action)
+ {
+ if (getSecurityContext() == null) return false;
+
+ RoleCheck roleCheck = new RoleCheck(roleName);
+
+ List<FactHandle> handles = new ArrayList<FactHandle>();
+ handles.add(getSecurityContext().insert(roleCheck));
+
+ if (!(target instanceof String) && !(target instanceof Class))
+ {
+ handles.add( securityContext.insert(target) );
+ }
+ else if (target instanceof Class)
+ {
+ String componentName = Seam.getComponentName((Class) target);
+ target = componentName != null ? componentName : ((Class) target).getName();
+ }
+
+ PermissionCheck check = new PermissionCheck(target, action);
+
+ synchronized( securityContext )
+ {
+ try
+ {
+ synchronizeContext();
+
+ handles.add( securityContext.insert(check));
+
+ securityContext.fireAllRules();
+ }
+ finally
+ {
+ for (FactHandle handle : handles)
+ {
+ securityContext.retract(handle);
+ }
+ }
+ }
+
+ return roleCheck.isGranted();
+ }
+
@SuppressWarnings("unchecked")
@Observer(Identity.EVENT_LOGGED_OUT)
public void unAuthenticate()
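Review bot: In `checkConditionalRole` the `RoleCheck` and the target are inserted into the working memory before the `synchronized( securityContext )` block and before the `try`, so the new `finally` does not cover them. If `Seam.getComponentName` or anything else throws before the lock is taken, those facts stay in the session. The code locks on `securityContext`, so it is presumably shared, in which case another thread's `fireAllRules()` can run while this check's facts are present. The same applies to the `securityContext.insert(target)` context line at the top of the previous hunk, in a method whose start is outside the diff. Moving the inserts inside the locked `try` closes both gaps, and the method should read the context through either `getSecurityContext()` or the field, not both.

```java
public boolean checkConditionalRole(String roleName, Object target, String action)
{
   if (getSecurityContext() == null) return false;

   RoleCheck roleCheck = new RoleCheck(roleName);
   List<FactHandle> handles = new ArrayList<FactHandle>();

   synchronized( securityContext )
   {
      try
      {
         // every insert happens under the lock and inside try, so finally retracts it on any failure
         handles.add( securityContext.insert(roleCheck) );

         if (!(target instanceof String) && !(target instanceof Class))
         {
            handles.add( securityContext.insert(target) );
         }
         // … unchanged: else-if branch resolving a Class target to its component name …

         synchronizeContext();
         handles.add( securityContext.insert(new PermissionCheck(target, action)) );
         securityContext.fireAllRules();
      }
      finally
      {
         // … unchanged: retract every handle …
      }
   }

   return roleCheck.isGranted();
}
```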