[seam-commits] Seam SVN: r12352 - in modules/security/trunk/examples/seamspace/src/main: webapp and 2 other directories.
seam-commits at lists.jboss.org
seam-commits at lists.jboss.org
Thu Apr 1 03:29:22 EDT 2010
Author: shane.bryzak at jboss.com
Date: 2010-04-01 03:29:22 -0400 (Thu, 01 Apr 2010)
New Revision: 12352
Added:
modules/security/trunk/examples/seamspace/src/main/webapp/WEB-INF/security-rules.drl
Modified:
modules/security/trunk/examples/seamspace/src/main/java/org/jboss/seam/security/examples/seamspace/util/EntityManagerProducer.java
modules/security/trunk/examples/seamspace/src/main/webapp/WEB-INF/classes/seam-beans.xml
modules/security/trunk/examples/seamspace/src/main/webapp/home.xhtml
modules/security/trunk/examples/seamspace/src/main/webapp/rolemanager.xhtml
modules/security/trunk/examples/seamspace/src/main/webapp/security.xhtml
modules/security/trunk/examples/seamspace/src/main/webapp/template.xhtml
modules/security/trunk/examples/seamspace/src/main/webapp/usermanager.xhtml
Log:
fixed user and role management views, added config for security rules, minor
Modified: modules/security/trunk/examples/seamspace/src/main/java/org/jboss/seam/security/examples/seamspace/util/EntityManagerProducer.java
===================================================================
--- modules/security/trunk/examples/seamspace/src/main/java/org/jboss/seam/security/examples/seamspace/util/EntityManagerProducer.java 2010-04-01 06:25:35 UTC (rev 12351)
+++ modules/security/trunk/examples/seamspace/src/main/java/org/jboss/seam/security/examples/seamspace/util/EntityManagerProducer.java 2010-04-01 07:29:22 UTC (rev 12352)
@@ -2,6 +2,7 @@
import java.io.Serializable;
+import javax.enterprise.context.ConversationScoped;
import javax.enterprise.context.Dependent;
import javax.enterprise.inject.Produces;
import javax.persistence.EntityManager;
@@ -13,7 +14,7 @@
@PersistenceContext EntityManager entityManager;
- public @Produces @Dependent EntityManager getEntityManager()
+ public @Produces @ConversationScoped EntityManager getEntityManager()
{
return entityManager;
}
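Review bot: `@ConversationScoped` is a passivating scope, so the object returned by `getEntityManager()` has to be passivation-capable whenever the conversation is passivated, and a container-injected `@PersistenceContext` EntityManager is in general not Serializable; unless the provider's proxy happens to be, the container can raise IllegalProductException at passivation time, which is worth confirming against the target implementation before relying on this scope. Since there is no `@Disposes` counterpart, the reference simply drops out of the conversation context when the conversation ends, which is the right behaviour for a container-managed persistence context but deserves a comment so nobody later adds an explicit close, e.g. `// container-managed PC: no @Disposes/close(); the container owns its lifecycle`. The enclosing class starts outside the hunk, and the hunk's trailing lines appear to have been dropped by the archive.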
Modified: modules/security/trunk/examples/seamspace/src/main/webapp/WEB-INF/classes/seam-beans.xml
===================================================================
--- modules/security/trunk/examples/seamspace/src/main/webapp/WEB-INF/classes/seam-beans.xml 2010-04-01 06:25:35 UTC (rev 12351)
+++ modules/security/trunk/examples/seamspace/src/main/webapp/WEB-INF/classes/seam-beans.xml 2010-04-01 07:29:22 UTC (rev 12352)
@@ -4,8 +4,12 @@
xmlns:s="urn:java:seam:core"
xmlns:security="urn:java:org.jboss.seam.security"
xmlns:idm="urn:java:org.jboss.seam.security.management"
- xmlns:pm="urn:java:org.jboss.seam.security.permission"
+ xmlns:permission="urn:java:org.jboss.seam.security.permission"
+ xmlns:drools="urn:java:org.jboss.seam.drools"
xmlns:seamspace="urn:java:org.jboss.seam.security.examples.seamspace"
+ xmlns:drools="urn:java:org.jboss.seam.drools"
+ xmlns:drools-config="urn:java:org.jboss.seam.drools.config"
+ xmlns:drools-qualifier="urn:java:org.jboss.seam.drools.qualifier"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/beans_1_0.xsd">
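Review bot: `xmlns:drools="urn:java:org.jboss.seam.drools"` is declared twice on the root element, once on the added line before `xmlns:seamspace` and again after it; duplicate attributes make the document not well-formed, so a conforming XML parser rejects the whole file and none of the identity, permission or rules configuration below is loaded. Remove the first occurrence and keep the one grouped with `xmlns:drools-config` and `xmlns:drools-qualifier`. In the second hunk of this file, `kbuilderconfig.properties` and `kbaseconfig.properties` are referenced by the `KnowledgeBaseConfig` but are not among this revision's added files, so confirm they already exist on the classpath; otherwise the knowledge base that `RuleBasedPermissionResolver` is wired to cannot be built.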
@@ -18,16 +22,46 @@
</s:type>
</idm:identityStore>
</idm:IdentityManager>
-
+
<idm:JpaIdentityStore>
<s:specializes/>
<idm:userEntityClass>org.jboss.seam.security.examples.seamspace.model.MemberAccount</idm:userEntityClass>
<idm:roleEntityClass>org.jboss.seam.security.examples.seamspace.model.MemberRole</idm:roleEntityClass>
</idm:JpaIdentityStore>
- <pm:JpaPermissionStore>
+ <permission:JpaPermissionStore>
<s:specializes/>
- <pm:userPermissionClass>org.jboss.seam.security.examples.seamspace.model.AccountPermission</pm:userPermissionClass>
- </pm:JpaPermissionStore>
+ <permission:userPermissionClass>org.jboss.seam.security.examples.seamspace.model.AccountPermission</permission:userPermissionClass>
+ </permission:JpaPermissionStore>
+ <drools-config:KnowledgeBaseConfig>
+ <s:overrides/>
+ <drools-qualifier:KBaseConfig name="security-rules-config"/>
+ <drools-config:knowledgeBuilderConfig>kbuilderconfig.properties</drools-config:knowledgeBuilderConfig>
+ <drools-config:knowledgeBaseConfig>kbaseconfig.properties</drools-config:knowledgeBaseConfig>
+ <drools-config:ruleResources>
+ <s:value>classpath:security-rules.drl:DRL</s:value>
+ </drools-config:ruleResources>
+ <drools-config:eventListeners>
+ <s:value>org.drools.event.knowledgebase.DefaultKnowledgeBaseEventListener</s:value>
+ </drools-config:eventListeners>
+ </drools-config:KnowledgeBaseConfig>
+
+ <drools:KnowledgeBaseProducer>
+ <s:specializes/>
+ <drools:produceKBase>
+ <drools-qualifier:KBase name="permission-rules"/>
+ <s:Inject/>
+ <drools-qualifier:KBaseConfig name="security-rules-config"/>
+ </drools:produceKBase>
+ </drools:KnowledgeBaseProducer>
+
+ <permission:RuleBasedPermissionResolver>
+ <s:specializes/>
+ <permission:securityRules>
+ <s:Inject/>
+ <drools-qualifier:KBase name="permission-rules"/>
+ </permission:securityRules>
+ </permission:RuleBasedPermissionResolver>
+
</beans>
\ No newline at end of file
Added: modules/security/trunk/examples/seamspace/src/main/webapp/WEB-INF/security-rules.drl
===================================================================
--- modules/security/trunk/examples/seamspace/src/main/webapp/WEB-INF/security-rules.drl (rev 0)
+++ modules/security/trunk/examples/seamspace/src/main/webapp/WEB-INF/security-rules.drl 2010-04-01 07:29:22 UTC (rev 12352)
@@ -0,0 +1,247 @@
+package SeamSpacePermissions;
+
+dialect 'mvel'
+
+import java.security.Principal;
+
+import org.jboss.seam.security.permission.PermissionCheck;
+import org.jboss.seam.security.permission.RoleCheck;
+import org.jboss.seam.security.Role;
+
+import org.jboss.seam.example.seamspace.BlogComment;
+import org.jboss.seam.example.seamspace.Member;
+import org.jboss.seam.example.seamspace.MemberAccount;
+import org.jboss.seam.example.seamspace.MemberBlog;
+import org.jboss.seam.example.seamspace.MemberFriend;
+import org.jboss.seam.example.seamspace.MemberImage;
+
+# These rules allow members to manage permissions on their own images
+
+rule ManageImagePermissions
+ no-loop
+ activation-group "permissions"
+when
+ acct: MemberAccount()
+ image: MemberImage(mbr : member -> (mbr.memberId.equals(acct.member.memberId)))
+ check: PermissionCheck(target == image, action == "seam.read-permissions", granted == false)
+then
+ check.grant();
+end
+
+rule GrantImagePermissions
+ no-loop
+ activation-group "permissions"
+when
+ acct: MemberAccount()
+ image: MemberImage(mbr : member -> (mbr.memberId.equals(acct.member.memberId)))
+ check: PermissionCheck(target == image, action == "seam.grant-permission", granted == false)
+then
+ check.grant();
+end
+
+# Allow all users to read the available roles
+
+rule ReadRoles
+ no-loop
+ activation-group "permissions"
+when
+ check: PermissionCheck(target == "seam.role", action == "read", granted == false)
+ Role(name == "user")
+then
+ check.grant();
+end
+
+# This rule allows a member to delete their own images
+
+rule DeleteImage
+ no-loop
+ activation-group "permissions"
+when
+ acct: MemberAccount()
+ image: MemberImage(mbr : member -> (mbr.memberId.equals(acct.member.memberId)))
+ check: PermissionCheck(target == image, action == "delete", granted == false)
+then
+ check.grant();
+end
+
+# This rule allows members to revoke permissions on their images to other users/roles
+
+rule RevokeImagePermissions
+ no-loop
+ activation-group "permissions"
+when
+ acct: MemberAccount()
+ image: MemberImage(mbr : member -> (mbr.memberId.equals(acct.member.memberId)))
+ check: PermissionCheck(target == image, action == "seam.revoke-permission", granted == false)
+then
+ check.grant();
+end
+
+rule ViewProfileImage
+ no-loop
+ activation-group "permissions"
+when
+ image: MemberImage()
+ check: PermissionCheck(target == image, action == "view", granted == false)
+ eval( image.getMember().getPicture() == image )
+then
+ check.grant();
+end
+
+rule FriendViewImage
+ no-loop
+ activation-group "permissions"
+when
+ acct: MemberAccount()
+ image: MemberImage(mbr : member -> (mbr.isFriend(acct.member)))
+ PermissionCheck(target == image, action == "view")
+ role: RoleCheck(name == "friends")
+then
+ role.grant();
+end
+
+rule GuestViewImage
+ no-loop
+ activation-group "permissions"
+when
+ image: MemberImage()
+ PermissionCheck(target == image, action == "view")
+ role: RoleCheck(name == "guest")
+then
+ role.grant();
+end
+
+rule ViewMyImages
+ no-loop
+ activation-group "permissions"
+when
+ acct: MemberAccount()
+ image: MemberImage(mbr : member -> (mbr.memberId.equals(acct.member.memberId)))
+ check: PermissionCheck(target == image, action == "view")
+then
+ check.grant();
+end
+
+rule RestrictCommentPage
+ no-loop
+ activation-group "permissions"
+when
+ check: PermissionCheck(target == "/comment.xhtml", granted == false)
+ Role(name == "user")
+then
+ check.grant();
+end
+
+rule CanCreateBlogComment
+ no-loop
+ activation-group "permissions"
+when
+ blog: MemberBlog()
+ check: PermissionCheck(target == blog, action == "create", granted == false)
+ Role(name == "user")
+then
+ check.grant();
+end
+
+rule CreateBlogComment
+ no-loop
+ activation-group "permissions"
+when
+ check: PermissionCheck(target == "blogComment", action == "insert", granted == false)
+ Role(name == "user")
+then
+ check.grant();
+end
+
+# This rule grants permission for users to create their own blog entries
+rule CreateBlog
+ no-loop
+ activation-group "permissions"
+when
+ mbr: Member()
+ acct: MemberAccount(member.memberId == mbr.memberId)
+ check: PermissionCheck(target.memberId == mbr.memberId, action == "createBlog", granted == false)
+then
+ check.grant();
+end
+
+# This rule grants permission for users to upload pictures to their profile
+rule UploadImage
+ no-loop
+ activation-group "permissions"
+when
+ mbr: Member()
+ acct: MemberAccount(member.memberId == mbr.memberId)
+ check: PermissionCheck(target.memberId == mbr.memberId, action == "uploadImage", granted == false)
+then
+ check.grant();
+end
+
+rule InsertMemberBlog
+ no-loop
+ activation-group "permissions"
+when
+ acct: MemberAccount()
+ blog: MemberBlog(member == acct.member)
+ check: PermissionCheck(target == blog, action == "insert", granted == false)
+then
+ check.grant();
+end
+
+rule CreateFriendComment
+ no-loop
+ activation-group "permissions"
+when
+ acct: MemberAccount()
+ member: Member() //friends contains acct.member)
+ check: PermissionCheck(target == member, action == "createFriendComment", granted == false)
+then
+ check.grant();
+end
+
+rule CreateFriendRequest
+ no-loop
+ activation-group "permissions"
+when
+ acct: MemberAccount()
+ member: Member() //friends not contains acct.member)
+ check: PermissionCheck(target == member, action == "createFriendRequest", granted == false)
+then
+ check.grant();
+end
+
+rule CreateAccount
+ no-loop
+ activation-group "permissions"
+when
+ check: PermissionCheck(target == "seam.account", action == "create", granted == false)
+ Role(name == "admin")
+then
+ check.grant();
+end
+
+/*****************************************************************************************
+
+ The Following Rules are for Identity Management
+
+******************************************************************************************/
+
+rule ManageUsers
+ no-loop
+ activation-group "permissions"
+when
+ check: PermissionCheck(target == "seam.user", granted == false)
+ Role(name == "admin")
+then
+ check.grant();
+end
+
+rule ManageRoles
+ no-loop
+ activation-group "permissions"
+when
+ check: PermissionCheck(target == "seam.role", granted == false)
+ Role(name == "admin")
+then
+ check.grant();
+end
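Review bot: The imports reference `org.jboss.seam.example.seamspace.Member`, `MemberAccount`, `MemberImage`, `MemberBlog` and friends, while the entities configured in this same revision live in `org.jboss.seam.security.examples.seamspace.model` (see the `userEntityClass`/`roleEntityClass` values in seam-beans.xml); with the wrong package either the DRL fails to compile or the patterns never match the inserted facts, and in both cases none of these grants ever fire. The import lines should point at the `org.jboss.seam.security.examples.seamspace.model` package, assuming BlogComment, MemberBlog, MemberFriend and MemberImage are defined there as well. Separately, `CreateFriendComment` and `CreateFriendRequest` carry their friendship condition only as a comment (`member: Member() //friends contains acct.member)`), so as written they grant `createFriendComment`/`createFriendRequest` on any Member to any account; if that check is meant to live here the constraint needs to be restored, and if it is enforced elsewhere a comment saying so would stop a reader from assuming the rule is complete.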
Modified: modules/security/trunk/examples/seamspace/src/main/webapp/home.xhtml
===================================================================
--- modules/security/trunk/examples/seamspace/src/main/webapp/home.xhtml 2010-04-01 06:25:35 UTC (rev 12351)
+++ modules/security/trunk/examples/seamspace/src/main/webapp/home.xhtml 2010-04-01 07:29:22 UTC (rev 12352)
@@ -76,7 +76,7 @@
<ui:repeat value="#{memberSearch.newMembers}" var="newMember">
<div class="newMember">
- <h:link view="/profile.seam" propagation="none">
+ <h:link outcome="/profile.xhtml">
<f:param name="name" value="#{newMember.memberName}"/>
#{newMember.memberName}<br/>
<h:graphicImage value="/content/images?id=#{newMember.picture.imageId}&width=90"/>
Modified: modules/security/trunk/examples/seamspace/src/main/webapp/rolemanager.xhtml
===================================================================
--- modules/security/trunk/examples/seamspace/src/main/webapp/rolemanager.xhtml 2010-04-01 06:25:35 UTC (rev 12351)
+++ modules/security/trunk/examples/seamspace/src/main/webapp/rolemanager.xhtml 2010-04-01 07:29:22 UTC (rev 12352)
@@ -14,8 +14,7 @@
<ui:define name="content">
<script type="text/javascript">
- function confirmDelete()
- {
+ function confirmDelete() {
return confirm("Are you sure you wish to delete this role? This action cannot be undone.");
}
</script>
@@ -24,7 +23,7 @@
<h2>Role Manager</h2>
- <s:button id="newRole" action="#{roleAction.createRole}" styleClass="newrole" rendered="#{s:hasPermission('seam.account', 'create', null)}"/>
+ <h:button id="newRole" action="#{roleAction.createRole}" styleClass="newrole" rendered="#{identity.hasPermission('seam.account', 'create')}"/>
<h:dataTable
id="threads"
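Review bot: `h:button` has no `action` attribute — it performs GET navigation via `outcome` — so `<h:button id="newRole" action="#{roleAction.createRole}" .../>` renders a button that no longer invokes `roleAction.createRole`; the replaced `s:button` supported `action`, and the standard equivalent is `<h:commandButton id="newRole" action="#{roleAction.createRole}" .../>` inside an `h:form`. The same defect is in usermanager.xhtml: `newUser` is an `h:button` with `action`, and the `edit`/`delete` links there were changed to `h:link action=...` although `h:link` likewise only supports `outcome`, so `userAction.editUser` and `identityManager.deleteUser` would not be called either; `h:commandLink` is the action-capable counterpart. This file's third hunk still uses `s:fragment`/`s:link` for edit and delete while usermanager migrated them to `ui:fragment`/`h:link`, so the two views now diverge and should be aligned on whichever is correct. The new-role button is gated on `identity.hasPermission('seam.account', 'create')` whereas the rules added in this revision key role management on target `seam.role`; both resolve to the admin role today, but the target looks inconsistent.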
@@ -45,11 +44,11 @@
</h:column>
<h:column width="auto">
<f:facet name="header">Action</f:facet>
- <s:fragment rendered="#{s:hasPermission('seam.role', 'update')}">
+ <s:fragment rendered="#{identity.hasPermission('seam.role', 'update')}">
<s:link id="edit" value="Edit" action="#{roleAction.editRole(roleSearch.selectedRole)}"/><span> | </span>
</s:fragment>
<s:link id="delete" value="Delete" action="#{identityManager.deleteRole(roleSearch.selectedRole)}"
- rendered="#{s:hasPermission('seam.role', 'delete')}"
+ rendered="#{identity.hasPermission('seam.role', 'delete')}"
onclick="return confirmDelete()"/>
</h:column>
</h:dataTable>
Modified: modules/security/trunk/examples/seamspace/src/main/webapp/security.xhtml
===================================================================
--- modules/security/trunk/examples/seamspace/src/main/webapp/security.xhtml 2010-04-01 06:25:35 UTC (rev 12351)
+++ modules/security/trunk/examples/seamspace/src/main/webapp/security.xhtml 2010-04-01 07:29:22 UTC (rev 12352)
@@ -17,8 +17,8 @@
<h2>Security</h2>
- <s:button id="manageUsers" view="/usermanager.xhtml" styleClass="manageusers" value="Manage Users"/><br/>
- <s:button id="manageRoles" view="/rolemanager.xhtml" styleClass="manageroles" value="Manage Roles"/>
+ <h:button id="manageUsers" outcome="/usermanager.xhtml" styleClass="manageusers" value="Manage Users"/><br/>
+ <h:button id="manageRoles" outcome="/rolemanager.xhtml" styleClass="manageroles" value="Manage Roles"/>
</div>
Modified: modules/security/trunk/examples/seamspace/src/main/webapp/template.xhtml
===================================================================
--- modules/security/trunk/examples/seamspace/src/main/webapp/template.xhtml 2010-04-01 06:25:35 UTC (rev 12351)
+++ modules/security/trunk/examples/seamspace/src/main/webapp/template.xhtml 2010-04-01 07:29:22 UTC (rev 12352)
@@ -26,7 +26,7 @@
</ui:fragment>
<ui:fragment rendered="#{identity.hasRole('admin')}">
- <h:link id="security" view="/security.xhtml" value="Security" propagation="none"/>
+ <h:link id="security" outcome="/security.xhtml" value="Security" propagation="none"/>
<h:outputText styleClass="divider" value=" | "/>
</ui:fragment>
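Review bot: `propagation="none"` is a Seam-specific attribute that `h:link` does not define, so it is presumably ignored here, while the parallel hunk in home.xhtml dropped it when switching to `outcome`; for consistency the line should read `<h:link id="security" outcome="/security.xhtml" value="Security"/>`. The enclosing `ui:fragment` is fully visible in the hunk, so the change is local.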
Modified: modules/security/trunk/examples/seamspace/src/main/webapp/usermanager.xhtml
===================================================================
--- modules/security/trunk/examples/seamspace/src/main/webapp/usermanager.xhtml 2010-04-01 06:25:35 UTC (rev 12351)
+++ modules/security/trunk/examples/seamspace/src/main/webapp/usermanager.xhtml 2010-04-01 07:29:22 UTC (rev 12352)
@@ -2,8 +2,7 @@
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:ui="http://java.sun.com/jsf/facelets"
xmlns:h="http://java.sun.com/jsf/html"
- xmlns:f="http://java.sun.com/jsf/core"
- xmlns:s="http://jboss.com/products/seam/taglib">
+ xmlns:f="http://java.sun.com/jsf/core">
<ui:composition template="template.xhtml">
@@ -14,8 +13,7 @@
<ui:define name="content">
<script type="text/javascript">
- function confirmDelete()
- {
+ function confirmDelete() {
return confirm("Are you sure you wish to delete this user? This action cannot be undone.");
}
</script>
@@ -24,7 +22,7 @@
<h2>User Manager</h2>
- <s:button id="newUser" action="#{userAction.createUser}" styleClass="newuser" rendered="#{s:hasPermission('seam.account', 'create')}"/>
+ <h:button id="newUser" action="#{userAction.createUser}" styleClass="newuser" rendered="#{identity.hasPermission('seam.account', 'create')}"/>
<h:dataTable
id="threads"
@@ -58,11 +56,11 @@
Action
</f:facet>
- <s:fragment rendered="#{s:hasPermission('seam.user', 'update')}">
- <s:link id="edit" value="Edit" action="#{userAction.editUser(userSearch.selectedUser)}"/><span> | </span>
- </s:fragment>
- <s:link id="delete" value="Delete" action="#{identityManager.deleteUser(userSearch.selectedUser)}"
- rendered="#{s:hasPermission('seam.user', 'delete')}"
+ <ui:fragment rendered="#{identity.hasPermission('seam.user', 'update')}">
+ <h:link id="edit" value="Edit" action="#{userAction.editUser(userSearch.selectedUser)}"/><span> | </span>
+ </ui:fragment>
+ <h:link id="delete" value="Delete" action="#{identityManager.deleteUser(userSearch.selectedUser)}"
+ rendered="#{identity.hasPermission('seam.user', 'delete')}"
onclick="return confirmDelete()"/>
</h:column>
</h:dataTable>
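Review bot: The `identity.hasPermission('seam.user', 'delete')` on the delete link only controls rendering; the link still invokes `identityManager.deleteUser(...)` straight from the view, so unless `IdentityManager.deleteUser` performs its own permission check, nothing in this commit stops a request that bypasses the hidden control. The rules file added in the same revision defines `ManageUsers` for target `seam.user`, which is presumably what such a server-side check would consult; confirm that check exists rather than relying on `rendered`. A one-line comment above the link, `<!-- rendered only hides the control; deletion is authorized inside IdentityManager -->`, would make the intended enforcement point explicit.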