[seam-commits] Seam SVN: r8158 - in trunk/src/main/org/jboss/seam: annotations/security and 1 other directories.
seam-commits at lists.jboss.org
seam-commits at lists.jboss.org
Mon May 12 04:17:42 EDT 2008
Author: shane.bryzak at jboss.com
Date: 2008-05-12 04:17:42 -0400 (Mon, 12 May 2008)
New Revision: 8158
Modified:
trunk/src/main/org/jboss/seam/Component.java
trunk/src/main/org/jboss/seam/annotations/security/Delete.java
trunk/src/main/org/jboss/seam/annotations/security/Insert.java
trunk/src/main/org/jboss/seam/annotations/security/Read.java
trunk/src/main/org/jboss/seam/annotations/security/Update.java
trunk/src/main/org/jboss/seam/security/SecurityInterceptor.java
Log:
support for parameter-level restrictions
Modified: trunk/src/main/org/jboss/seam/Component.java
===================================================================
--- trunk/src/main/org/jboss/seam/Component.java 2008-05-12 04:01:32 UTC (rev 8157)
+++ trunk/src/main/org/jboss/seam/Component.java 2008-05-12 08:17:42 UTC (rev 8158)
@@ -1077,20 +1077,30 @@
if ( beanClassHasAnnotation(Restrict.class) )
{
secure = true;
+ return;
}
- if (!secure)
+ for (Method method : getBeanClass().getMethods())
{
- for (Method method : getBeanClass().getMethods())
+ for (Annotation annotation : method.getAnnotations())
{
- for (Annotation annotation : method.getAnnotations())
+ if (annotation.annotationType().isAnnotationPresent(PermissionCheck.class))
{
+ secure = true;
+ return;
+ }
+ }
+
+ for (Annotation[] annotations : method.getParameterAnnotations())
+ {
+ for (Annotation annotation : annotations)
+ {
if (annotation.annotationType().isAnnotationPresent(PermissionCheck.class))
{
secure = true;
- break;
+ return;
}
- }
+ }
}
}
}
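Review bot: The three added `return;` statements leave the enclosing method as soon as a restriction is found, so any initialisation that follows these loops in that method would now be skipped for secured components. The method starts and ends outside the hunk, so this needs confirming against the full file. The method-annotation loop and the parameter-annotation loop also repeat the same `isAnnotationPresent(PermissionCheck.class)` test. Moving the scan into a private helper that returns boolean, called as `if (declaresPermissionCheck()) secure = true;`, would keep the short-circuit without returning from the caller.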
Modified: trunk/src/main/org/jboss/seam/annotations/security/Delete.java
===================================================================
--- trunk/src/main/org/jboss/seam/annotations/security/Delete.java 2008-05-12 04:01:32 UTC (rev 8157)
+++ trunk/src/main/org/jboss/seam/annotations/security/Delete.java 2008-05-12 08:17:42 UTC (rev 8158)
@@ -1,5 +1,6 @@
package org.jboss.seam.annotations.security;
+import static java.lang.annotation.ElementType.PARAMETER;
import static java.lang.annotation.ElementType.METHOD;
import static java.lang.annotation.RetentionPolicy.RUNTIME;
@@ -13,11 +14,11 @@
*
* @author Shane Bryzak
*/
- at Target({METHOD})
+ at Target({METHOD, PARAMETER})
@Documented
@Retention(RUNTIME)
@Inherited
- at PermissionCheck("delete")
+ at PermissionCheck
public @interface Delete {
- Class value();
+ Class value() default void.class;
}
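Review bot: With `Class value() default void.class;`, a method-level `@Delete` written without a value now compiles, and the SecurityInterceptor change in this commit skips `addMethodRestriction` when the target equals `void.class`, so that annotation registers no permission check at all. Component still marks the bean as secure, which makes the gap hard to spot. The same applies to the Insert, Read and Update hunks. The Javadoc on each annotation should state the contract, for example `On a method, value() must name the target class; on a parameter, value() is ignored and the argument itself is the permission target.` It would be safer still for the interceptor to reject a method-level use that leaves `value()` at its default rather than silently skipping it.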
Modified: trunk/src/main/org/jboss/seam/annotations/security/Insert.java
===================================================================
--- trunk/src/main/org/jboss/seam/annotations/security/Insert.java 2008-05-12 04:01:32 UTC (rev 8157)
+++ trunk/src/main/org/jboss/seam/annotations/security/Insert.java 2008-05-12 08:17:42 UTC (rev 8158)
@@ -1,6 +1,7 @@
package org.jboss.seam.annotations.security;
import static java.lang.annotation.ElementType.METHOD;
+import static java.lang.annotation.ElementType.PARAMETER;
import static java.lang.annotation.RetentionPolicy.RUNTIME;
import java.lang.annotation.Documented;
@@ -13,11 +14,11 @@
*
* @author Shane Bryzak
*/
- at Target({METHOD})
+ at Target({METHOD, PARAMETER})
@Documented
@Retention(RUNTIME)
@Inherited
- at PermissionCheck("insert")
+ at PermissionCheck
public @interface Insert {
- Class value();
+ Class value() default void.class;
}
Modified: trunk/src/main/org/jboss/seam/annotations/security/Read.java
===================================================================
--- trunk/src/main/org/jboss/seam/annotations/security/Read.java 2008-05-12 04:01:32 UTC (rev 8157)
+++ trunk/src/main/org/jboss/seam/annotations/security/Read.java 2008-05-12 08:17:42 UTC (rev 8158)
@@ -1,6 +1,7 @@
package org.jboss.seam.annotations.security;
import static java.lang.annotation.ElementType.METHOD;
+import static java.lang.annotation.ElementType.PARAMETER;
import static java.lang.annotation.RetentionPolicy.RUNTIME;
import java.lang.annotation.Documented;
@@ -13,11 +14,11 @@
*
* @author Shane Bryzak
*/
- at Target({METHOD})
+ at Target({METHOD, PARAMETER})
@Documented
@Retention(RUNTIME)
@Inherited
- at PermissionCheck("read")
+ at PermissionCheck
public @interface Read {
- Class value();
+ Class value() default void.class;
}
Modified: trunk/src/main/org/jboss/seam/annotations/security/Update.java
===================================================================
--- trunk/src/main/org/jboss/seam/annotations/security/Update.java 2008-05-12 04:01:32 UTC (rev 8157)
+++ trunk/src/main/org/jboss/seam/annotations/security/Update.java 2008-05-12 08:17:42 UTC (rev 8158)
@@ -1,6 +1,7 @@
package org.jboss.seam.annotations.security;
import static java.lang.annotation.ElementType.METHOD;
+import static java.lang.annotation.ElementType.PARAMETER;
import static java.lang.annotation.RetentionPolicy.RUNTIME;
import java.lang.annotation.Documented;
@@ -13,11 +14,11 @@
*
* @author Shane Bryzak
*/
- at Target({METHOD})
+ at Target({METHOD, PARAMETER})
@Documented
@Retention(RUNTIME)
@Inherited
- at PermissionCheck("update")
+ at PermissionCheck
public @interface Update {
- Class value();
+ Class value() default void.class;
}
Modified: trunk/src/main/org/jboss/seam/security/SecurityInterceptor.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/SecurityInterceptor.java 2008-05-12 04:01:32 UTC (rev 8157)
+++ trunk/src/main/org/jboss/seam/security/SecurityInterceptor.java 2008-05-12 08:17:42 UTC (rev 8158)
@@ -3,7 +3,9 @@
import java.lang.annotation.Annotation;
import java.lang.reflect.Method;
import java.util.HashMap;
+import java.util.HashSet;
import java.util.Map;
+import java.util.Set;
import org.jboss.seam.annotations.intercept.AroundInvoke;
import org.jboss.seam.annotations.intercept.Interceptor;
@@ -32,25 +34,47 @@
{
private String expression;
- private Object target;
- private String action;
+ private Map<String, Object> methodRestrictions;
+ private Map<Integer,Set<String>> paramRestrictions;
public void setExpression(String expression)
{
this.expression = expression;
}
- public void setTarget(Object target)
+ public void addMethodRestriction(Object target, String action)
{
- this.target = target;
+ if (methodRestrictions == null)
+ {
+ methodRestrictions = new HashMap<String, Object>();
+ }
+
+ methodRestrictions.put(action, target);
}
- public void setAction(String action)
+ public void addParameterRestriction(int index, String action)
{
- this.action = action;
+ Set<String> actions = null;
+
+ if (paramRestrictions == null)
+ {
+ paramRestrictions = new HashMap<Integer,Set<String>>();
+ }
+
+ if (!paramRestrictions.containsKey(index))
+ {
+ actions = new HashSet<String>();
+ paramRestrictions.put(index, actions);
+ }
+ else
+ {
+ actions = paramRestrictions.get(index);
+ }
+
+ actions.add(action);
}
- public void check()
+ public void check(Object[] parameters)
{
if (Identity.isSecurityEnabled())
{
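Review bot: `methodRestrictions` is keyed by action, so `methodRestrictions.put(action, target)` replaces any earlier target registered for the same action and that earlier check is dropped without notice. This can happen if two annotation types on one method resolve to the same action name, since `@PermissionCheck` carries its own value. Storing a set per key, as `paramRestrictions` already does (for example `private Map<String, Set<Object>> methodRestrictions;`), would keep every target; the loop in `check` would then iterate the set. `check` continues past the end of this hunk.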
@@ -58,10 +82,26 @@
{
Identity.instance().checkRestriction(expression);
}
- else if (target != null && action != null)
+
+ if (methodRestrictions != null)
{
- Identity.instance().checkPermission(target, action);
+ for (String action : methodRestrictions.keySet())
+ {
+ Identity.instance().checkPermission(methodRestrictions.get(action), action);
+ }
}
+
+ if (paramRestrictions != null)
+ {
+ for (Integer idx : paramRestrictions.keySet())
+ {
+ Set<String> actions = paramRestrictions.get(idx);
+ for (String action : actions)
+ {
+ Identity.instance().checkPermission(parameters[idx], action);
+ }
+ }
+ }
}
}
}
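Review bot: `parameters[idx]` is passed to `checkPermission` with no null test, so a call that supplies `null` for a restricted argument reaches the permission check with no target object. What `Identity.checkPermission` does with a null target is not visible in this hunk. The intended outcome should be made explicit here, either by rejecting the call or by skipping the check with a comment such as `// null argument: no instance to authorise`, rather than leaving it to the resolver. Iterating `paramRestrictions.entrySet()` would also avoid the second lookup per index. The start of `check` is in the previous hunk.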
@@ -73,7 +113,7 @@
Restriction restriction = getRestriction(interfaceMethod);
- if ( restriction != null ) restriction.check();
+ if ( restriction != null ) restriction.check(invocation.getParameters());
return invocation.proceed();
}
@@ -85,7 +125,9 @@
synchronized(restrictions)
{
if (!restrictions.containsKey(interfaceMethod))
- {
+ {
+ Restriction restriction = null;
+
Method method = getComponent().getBeanClass().getMethod(
interfaceMethod.getName(), interfaceMethod.getParameterTypes() );
@@ -105,18 +147,17 @@
if (restrict != null)
{
- Restriction restriction = new Restriction();
+ if (restriction == null) restriction = new Restriction();
restriction.setExpression(!Strings.isEmpty( restrict.value() ) ?
restrict.value() : createDefaultExpr(method));
- restrictions.put(interfaceMethod, restriction);
- return restriction;
}
for (Annotation annotation : method.getAnnotations())
{
if (annotation.annotationType().isAnnotationPresent(PermissionCheck.class))
{
- PermissionCheck permissionAction = annotation.annotationType().getAnnotation(PermissionCheck.class);
+ PermissionCheck permissionCheck = annotation.annotationType().getAnnotation(
+ PermissionCheck.class);
Method valueMethod = null;
for (Method m : annotation.annotationType().getDeclaredMethods())
@@ -126,33 +167,55 @@
}
if (valueMethod != null)
- {
- Restriction restriction = new Restriction();
- restriction.setTarget(valueMethod.invoke(annotation));
-
- if (!"".equals(permissionAction.value()))
+ {
+ if (restriction == null) restriction = new Restriction();
+ Object target = valueMethod.invoke(annotation);
+ if (!target.equals(void.class))
{
- restriction.setAction(permissionAction.value());
+ if (restriction == null) restriction = new Restriction();
+ restriction.addMethodRestriction(target,
+ getPermissionAction(permissionCheck, annotation));
}
- else
- {
- // If the PermissionAction.value isn't set, just use the lower-case version of the annotation name
- restriction.setAction(annotation.annotationType().getSimpleName().toLowerCase());
- }
- restrictions.put(interfaceMethod, restriction);
- return restriction;
}
}
- }
+ }
- restrictions.put(interfaceMethod, null);
- return null;
+ for (int i = 0; i < method.getParameterAnnotations().length; i++)
+ {
+ Annotation[] annotations = method.getParameterAnnotations()[i];
+ for (Annotation annotation : annotations)
+ {
+ if (annotation.annotationType().isAnnotationPresent(PermissionCheck.class))
+ {
+ PermissionCheck permissionCheck = annotation.annotationType().getAnnotation(
+ PermissionCheck.class);
+ if (restriction == null) restriction = new Restriction();
+ restriction.addParameterRestriction(i,
+ getPermissionAction(permissionCheck, annotation));
+ }
+ }
+ }
+
+ restrictions.put(interfaceMethod, restriction);
+ return restriction;
}
}
}
return restrictions.get(interfaceMethod);
}
+ private String getPermissionAction(PermissionCheck check, Annotation annotation)
+ {
+ if (!"".equals(check.value()))
+ {
+ return check.value();
+ }
+ else
+ {
+ return annotation.annotationType().getSimpleName().toLowerCase();
+ }
+ }
+
/**
* Creates a default security expression for a specified method. The method must
* be a method of a Seam component.
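Review bot: `getPermissionAction` derives the action with `getSimpleName().toLowerCase()`, which uses the JVM default locale. This commit also removes the explicit `@PermissionCheck("insert")`, `"read"`, `"update"` and `"delete"` values, so the built-in annotations now depend on that fallback. Under a Turkish default locale `Insert` lower-cases to a string with a dotless `ı`, which presumably will not match permission rules written for `insert`. Pinning the locale fixes this: `return annotation.annotationType().getSimpleName().toLowerCase(Locale.ENGLISH);` with `import java.util.Locale;` added to the file.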