[seam-commits] Seam SVN: r12745 - in modules/security/trunk: api/src/main/java/org/jboss/seam/security and 12 other directories.
Mon May 17 19:01:12 EDT 2010
Author: shane.bryzak at jboss.com
Date: 2010-05-17 19:01:09 -0400 (Mon, 17 May 2010)
New Revision: 12745
Added:
modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/management/MemberOf.java
modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/management/RoleGroup.java
modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/management/RoleType.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/GroupImpl.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/RoleImpl.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/UserImpl.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/picketlink/
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/picketlink/IdentityConfigurationMetaDataProducer.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/picketlink/IdentitySessionProducer.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/picketlink/PicketLinkIdentityStore.java
Removed:
modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/management/RoleGroups.java
modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/management/RoleName.java
modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/management/UserRoles.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/Group.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/Role.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/SimpleGroup.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/JpaIdentityStore.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/LdapIdentityStore.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/PicketLinkIdentityStore.java
Modified:
modules/security/trunk/api/
modules/security/trunk/api/src/main/java/org/jboss/seam/security/Identity.java
modules/security/trunk/api/src/main/java/org/jboss/seam/security/management/IdentityManager.java
modules/security/trunk/api/src/main/java/org/jboss/seam/security/management/IdentityStore.java
modules/security/trunk/examples/seamspace/
modules/security/trunk/examples/seamspace/src/main/java/org/jboss/seam/security/examples/seamspace/action/ImagePermission.java
modules/security/trunk/examples/seamspace/src/main/java/org/jboss/seam/security/examples/seamspace/model/MemberRole.java
modules/security/trunk/impl/
modules/security/trunk/impl/pom.xml
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/IdentityImpl.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/RememberMe.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/RunAsOperation.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/SecurityInterceptor.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/jaas/SeamLoginModule.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/IdentityManagerImpl.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/action/RoleAction.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/action/UserAction.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/action/UserSearch.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/JpaPermissionStore.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/PersistentPermissionResolver.java
modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/RuleBasedPermissionResolver.java
Log:
lots of refactoring, removed JpaIdentityStore for now (needs major rewrite)
Property changes on: modules/security/trunk/api
___________________________________________________________________
Name: svn:ignore
- .settings
.classpath
.project
target
+ .settings
target
.classpath
.project
Modified: modules/security/trunk/api/src/main/java/org/jboss/seam/security/Identity.java
===================================================================
--- modules/security/trunk/api/src/main/java/org/jboss/seam/security/Identity.java 2010-05-17 19:32:28 UTC (rev 12744)
+++ modules/security/trunk/api/src/main/java/org/jboss/seam/security/Identity.java 2010-05-17 23:01:09 UTC (rev 12745)
@@ -85,7 +85,7 @@
* @param role String The name of the role to check
* @return boolean True if the user is a member of the specified role
*/
- boolean hasRole(String role);
+ boolean hasRole(String role, String group);
/**
* Adds a role to the authenticated user. If the user is not logged in,
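Review bot: The Javadoc above `hasRole` still documents only `@param role`, but the new signature adds a `group` parameter whose meaning (a group name? may it be null?) is not stated; add `@param group The name of the group in which the role membership is checked`. The same gap applies to `addRole`, `removeRole` and `checkRole` in the following two hunks, and `addRole` additionally gains an undocumented `groupType` parameter and a boolean return whose meaning is not described. The Javadoc block for `hasRole` begins outside this hunk.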
@@ -95,13 +95,14 @@
*
* @param role The name of the role to add
*/
- boolean addRole(String role); /**
+ boolean addRole(String role, String group, String groupType);
+ /**
* Removes a role from the authenticated user
*
* @param role The name of the role to remove
*/
- void removeRole(String role);
+ void removeRole(String role, String group);
/**
* Checks that the current authenticated user is a member of
@@ -110,7 +111,7 @@
* @param role String The name of the role to check
* @throws AuthorizationException if the authenticated user is not a member of the role
*/
- void checkRole(String role);
+ void checkRole(String role, String group);
/**
* Checks if the currently authenticated user can perform the specified action
Copied: modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/management/MemberOf.java (from rev 12460, modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/management/RoleGroups.java)
===================================================================
--- modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/management/MemberOf.java (rev 0)
+++ modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/management/MemberOf.java 2010-05-17 23:01:09 UTC (rev 12745)
@@ -0,0 +1,24 @@
+package org.jboss.seam.security.annotations.management;
+
+import static java.lang.annotation.ElementType.FIELD;
+import static java.lang.annotation.ElementType.METHOD;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.Inherited;
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+
+/**
+ * Flags an entity field or method as representing the group memberships for a role
+ *
+ * @author Shane Bryzak
+ */
+ at Target({METHOD,FIELD})
+ at Documented
+ at Retention(RUNTIME)
+ at Inherited
+public @interface MemberOf
+{
+
+}
Added: modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/management/RoleGroup.java
===================================================================
--- modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/management/RoleGroup.java (rev 0)
+++ modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/management/RoleGroup.java 2010-05-17 23:01:09 UTC (rev 12745)
@@ -0,0 +1,23 @@
+package org.jboss.seam.security.annotations.management;
+
+import static java.lang.annotation.ElementType.FIELD;
+import static java.lang.annotation.ElementType.METHOD;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.Inherited;
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+
+/**
+ * Flags an entity field or method as representing the name of the role group
+ *
+ * @author Shane Bryzak
+ */
+ at Target({METHOD,FIELD})
+ at Documented
+ at Retention(RUNTIME)
+ at Inherited
+public @interface RoleGroup {
+
+}
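Review bot: The opening brace of `public @interface RoleGroup {` sits on the declaration line, whereas `MemberOf` and `RoleType` added in the same commit (and the files they replace) put it on its own line; match the surrounding convention with `public @interface RoleGroup` followed by `{` on the next line. The Javadoc could also state which group type the annotated field is expected to name, since `IdentityStore.findGroup` in this commit requires both a name and a type.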
Deleted: modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/management/RoleGroups.java
===================================================================
--- modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/management/RoleGroups.java 2010-05-17 19:32:28 UTC (rev 12744)
+++ modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/management/RoleGroups.java 2010-05-17 23:01:09 UTC (rev 12745)
@@ -1,24 +0,0 @@
-package org.jboss.seam.security.annotations.management;
-
-import static java.lang.annotation.ElementType.FIELD;
-import static java.lang.annotation.ElementType.METHOD;
-import static java.lang.annotation.RetentionPolicy.RUNTIME;
-
-import java.lang.annotation.Documented;
-import java.lang.annotation.Inherited;
-import java.lang.annotation.Retention;
-import java.lang.annotation.Target;
-
-/**
- * Flags an entity field or method as representing the group memberships for a role
- *
- * @author Shane Bryzak
- */
- at Target({METHOD,FIELD})
- at Documented
- at Retention(RUNTIME)
- at Inherited
-public @interface RoleGroups
-{
-
-}
Deleted: modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/management/RoleName.java
===================================================================
--- modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/management/RoleName.java 2010-05-17 19:32:28 UTC (rev 12744)
+++ modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/management/RoleName.java 2010-05-17 23:01:09 UTC (rev 12745)
@@ -1,24 +0,0 @@
-package org.jboss.seam.security.annotations.management;
-
-import static java.lang.annotation.ElementType.FIELD;
-import static java.lang.annotation.ElementType.METHOD;
-import static java.lang.annotation.RetentionPolicy.RUNTIME;
-
-import java.lang.annotation.Documented;
-import java.lang.annotation.Inherited;
-import java.lang.annotation.Retention;
-import java.lang.annotation.Target;
-
-/**
- * Flags an entity field or method as representing the name of a role
- *
- * @author Shane Bryzak
- */
- at Target({METHOD,FIELD})
- at Documented
- at Retention(RUNTIME)
- at Inherited
-public @interface RoleName
-{
-
-}
Copied: modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/management/RoleType.java (from rev 12460, modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/management/RoleName.java)
===================================================================
--- modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/management/RoleType.java (rev 0)
+++ modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/management/RoleType.java 2010-05-17 23:01:09 UTC (rev 12745)
@@ -0,0 +1,24 @@
+package org.jboss.seam.security.annotations.management;
+
+import static java.lang.annotation.ElementType.FIELD;
+import static java.lang.annotation.ElementType.METHOD;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.Inherited;
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+
+/**
+ * Flags an entity field or method as representing the name of a role
+ *
+ * @author Shane Bryzak
+ */
+ at Target({METHOD,FIELD})
+ at Documented
+ at Retention(RUNTIME)
+ at Inherited
+public @interface RoleType
+{
+
+}
Deleted: modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/management/UserRoles.java
===================================================================
--- modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/management/UserRoles.java 2010-05-17 19:32:28 UTC (rev 12744)
+++ modules/security/trunk/api/src/main/java/org/jboss/seam/security/annotations/management/UserRoles.java 2010-05-17 23:01:09 UTC (rev 12745)
@@ -1,24 +0,0 @@
-package org.jboss.seam.security.annotations.management;
-
-import static java.lang.annotation.ElementType.FIELD;
-import static java.lang.annotation.ElementType.METHOD;
-import static java.lang.annotation.RetentionPolicy.RUNTIME;
-
-import java.lang.annotation.Documented;
-import java.lang.annotation.Inherited;
-import java.lang.annotation.Retention;
-import java.lang.annotation.Target;
-
-/**
- * Flags an entity field or method as representing the list of role memberships for a user
- *
- * @author Shane Bryzak
- */
- at Target({METHOD,FIELD})
- at Documented
- at Retention(RUNTIME)
- at Inherited
-public @interface UserRoles
-{
-
-}
Modified: modules/security/trunk/api/src/main/java/org/jboss/seam/security/management/IdentityManager.java
===================================================================
--- modules/security/trunk/api/src/main/java/org/jboss/seam/security/management/IdentityManager.java 2010-05-17 19:32:28 UTC (rev 12744)
+++ modules/security/trunk/api/src/main/java/org/jboss/seam/security/management/IdentityManager.java 2010-05-17 23:01:09 UTC (rev 12745)
@@ -3,6 +3,10 @@
import java.security.Principal;
import java.util.List;
+import org.picketlink.idm.api.Group;
+import org.picketlink.idm.api.IdentityType;
+import org.picketlink.idm.api.Role;
+
/**
* Identity Management API, deals with user name/password-based identity management.
*
@@ -10,36 +14,30 @@
*/
public interface IdentityManager
{
- boolean createUser(String name, String password);
-
- boolean createUser(String name, String password, String firstname, String lastname);
+ boolean createUser(String username, String password);
- boolean deleteUser(String name);
+ boolean deleteUser(String username);
- boolean enableUser(String name);
+ boolean enableUser(String username);
- boolean disableUser(String name);
+ boolean disableUser(String username);
- boolean changePassword(String name, String password);
+ boolean changePassword(String username, String password);
- boolean isUserEnabled(String name);
+ boolean isUserEnabled(String username);
- boolean grantRole(String name, String role);
+ boolean grantRole(String username, String roleType, Group group);
- boolean revokeRole(String name, String role);
+ boolean revokeRole(String username, String roleType, Group group);
- boolean createRole(String role);
+ boolean createRoleType(String roleType);
- boolean deleteRole(String role);
+ boolean deleteRoleType(String roleType);
+
+ boolean userExists(String username);
- boolean addRoleToGroup(String role, String group);
+ boolean roleExists(String username);
- boolean removeRoleFromGroup(String role, String group);
-
- boolean userExists(String name);
-
- boolean roleExists(String name);
-
List<String> getUsers();
List<String> getUsers(String filter);
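Review bot: `boolean roleExists(String username);` takes a parameter named `username`, which looks like a copy-paste slip — the method tests for a role, and the store side of this commit renames the same operation to `roleTypeExists(String roleType)`. Suggest `boolean roleTypeExists(String roleType);` so the manager and store APIs agree, or at least rename the parameter. A caller passing a username here would silently get a meaningless answer, which matters for an authorization API.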
@@ -54,7 +52,7 @@
* @param name The user for which to return a list of roles
* @return List containing the names of the granted roles
*/
- List<String> getGrantedRoles(String name);
+ List<Role> getGrantedRoles(String name);
/**
* Returns a list of roles that are either explicitly or indirectly granted to the specified user.
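Review bot: The `@return` on `getGrantedRoles` still says "List containing the names of the granted roles" although the return type is now `List<Role>`; the same applies to `getImpliedRoles` in the next hunk, and the new `listRoleMembers(String roleType, Group group)` there has no Javadoc at all. Suggest `@return List of the Role objects explicitly granted to the user`, and a one-line description for `listRoleMembers` stating what `IdentityType` values it returns and whether a null `group` is permitted. The Javadoc block for `getGrantedRoles` begins outside this hunk.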
@@ -62,12 +60,10 @@
* @param name The user for which to return the list of roles
* @return List containing the names of the implied roles
*/
- List<String> getImpliedRoles(String name);
+ List<Role> getImpliedRoles(String name);
- List<Principal> listMembers(String role);
-
- List<String> getRoleGroups(String name);
-
+ List<IdentityType> listRoleMembers(String roleType, Group group);
+
boolean authenticate(String username, String password);
IdentityStore getIdentityStore();
Modified: modules/security/trunk/api/src/main/java/org/jboss/seam/security/management/IdentityStore.java
===================================================================
--- modules/security/trunk/api/src/main/java/org/jboss/seam/security/management/IdentityStore.java 2010-05-17 19:32:28 UTC (rev 12744)
+++ modules/security/trunk/api/src/main/java/org/jboss/seam/security/management/IdentityStore.java 2010-05-17 23:01:09 UTC (rev 12745)
@@ -1,11 +1,14 @@
package org.jboss.seam.security.management;
import java.io.Serializable;
-import java.security.Principal;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
+import org.picketlink.idm.api.Group;
+import org.picketlink.idm.api.IdentityType;
+import org.picketlink.idm.api.Role;
+
/**
* The identity store does the actual work of persisting user accounts and roles in a
* database, LDAP directory, etc.
@@ -14,8 +17,9 @@
*/
public interface IdentityStore
{
- public enum Feature { createUser, deleteUser, enableUser, disableUser, changePassword,
- createRole, deleteRole, grantRole, revokeRole }
+ public enum Feature { createUser, deleteUser, enableUser, disableUser,
+ changePassword, createRole, deleteRole, grantRole, revokeRole,
+ createGroup, addToGroup, removeFromGroup, deleteGroup }
/**
* Represents a set of optional features that an IdentityStore implementation might support.
@@ -92,132 +96,158 @@
* Deletes the user with the specified username.
* @return true if the user was successfully deleted.
*/
- boolean deleteUser(String name);
+ boolean deleteUser(String username);
/**
* Enables the user with the specified username. Enabled users are able to authenticate.
* @return true if the specified user was successfully enabled.
*/
- boolean enableUser(String name);
+ boolean enableUser(String username);
/**
* Disables the user with the specified username. Disabled users are unable to authenticate.
* @return true if the specified user was successfully disabled.
*/
- boolean disableUser(String name);
+ boolean disableUser(String username);
/**
* Returns true if the specified user is enabled.
*/
- boolean isUserEnabled(String name);
+ boolean isUserEnabled(String username);
/**
* Changes the password of the specified user to the specified password.
* @return true if the user's password was successfully changed.
*/
- boolean changePassword(String name, String password);
+ boolean changePassword(String username, String password);
/**
* Returns true if the specified user exists.
*/
- boolean userExists(String name);
+ boolean userExists(String username);
/**
- * Creates a new role with the specified role name.
- * @return true if the role was created successfully.
+ * Creates a new role type with the specified role type name.
+ * @return true if the role type was created successfully.
*/
- boolean createRole(String role);
+ boolean createRoleType(String roleType);
/**
* Grants the specified role to the specified user.
*
* @param name The name of the user
- * @param role The name of the role to grant to the user.
+ * @param roleType The name of the role type to grant to the user.
+ * @param group The name of the group to grant the role in
* @return true if the role was successfully granted.
*/
- boolean grantRole(String name, String role);
+ boolean grantRole(String username, String roleType, Group group);
/**
* Revokes the specified role from the specified user.
*
* @param name The name of the user
- * @param role The name of the role to grant to the user.
+ * @param roleType The name of the role type to revoke from the user.
+ * @param group The name of the group which contains the user role
* @return true if the role was successfully revoked.
*/
- boolean revokeRole(String name, String role);
+ boolean revokeRole(String username, String roleType, Group group);
/**
- * Deletes the specified role.
- * @return true if the role was successfully deleted.
+ * Deletes the specified role type.
+ * @return true if the role type was successfully deleted.
*/
- boolean deleteRole(String role);
+ boolean deleteRoleType(String roleType);
/**
- * Returns true if the specified role exists.
+ * Returns true if the specified role type exists.
*/
- boolean roleExists(String name);
+ boolean roleTypeExists(String roleType);
/**
- * Adds the specified role as a member of the specified group.
+ * Creates a new group with the specified name
*
- * @param role The name of the role to add as a member
- * @param group The name of the group that the specified role will be added to.
- * @return true if the role was successfully added to the group.
+ * @param name The name of the group
+ * @return true if the group was created successfully
*/
- boolean addRoleToGroup(String role, String group);
+ boolean createGroup(String name, String groupType);
/**
- * Removes the specified role from the specified group.
+ * Add the specified user to the specified group
*
- * @param role The name of the role to remove from the group.
- * @param group The group from which to remove the role.
- * @return true if the role was successfully removed from the group.
+ * @param user The name of the user
+ * @param group The name of the group
+ * @return true if the user was successfully added
*/
- boolean removeRoleFromGroup(String role, String group);
+ boolean addUserToGroup(String username, Group group);
+
+ /**
+ * Removes the specified user from the specified group
+ *
+ * @param user The user to remove
+ * @param group The group to remove the user from
+ * @return true if the user was successfully removed
+ */
+ boolean removeUserFromGroup(String username, Group group);
+
+ /**
+ * Deletes the specified group
+ *
+ * @param group The name of the group to delete
+ * @return true if the group was successfully deleted
+ */
+ boolean deleteGroup(String name, String groupType);
+
+ /**
+ *
+ * @param name
+ * @param type
+ * @return
+ */
+ Group findGroup(String name, String groupType);
/**
- * Returns a list of all users.
+ * Returns a list of all user names.
*/
- List<String> listUsers();
+ List<String> findUsers();
/**
- * Returns a list of all users containing the specified filter text within their username.
+ * Returns a list of all user names containing the specified filter text within their username.
*/
- List<String> listUsers(String filter);
+ List<String> findUsers(String filter);
/**
- * Returns a list of all the roles.
+ * Returns a list of all the role types.
*/
- List<String> listRoles();
+ List<String> listRoleTypes();
/**
- * Returns a list of roles that can be granted (i.e, excluding conditional roles)
+ * Returns a list of role types that can be granted (i.e, excluding conditional roles)
*/
- List<String> listGrantableRoles();
+ List<String> listGrantableRoleTypes();
/**
* Returns a list of all the roles explicitly granted to the specified user.
*/
- List<String> getGrantedRoles(String name);
+ List<Role> listGrantedRoles(String username);
/**
* Returns a list of all roles that the specified user is a member of. This list may contain
* roles that may not have been explicitly granted to the user, which are indirectly implied
- * due to group memberships.
+ * due to role memberships.
*/
- List<String> getImpliedRoles(String name);
-
+ List<Role> listImpliedRoles(String username);
+
/**
- * Returns a list of all the groups that the specified role is a member of.
+ * Lists the members of the specified role
*/
- List<String> getRoleGroups(String name);
+ List<IdentityType> listRoleMembers(String roleType, Group group);
/**
- * Lists the members of the specified role.
+ * Lists the members of the specified group
*/
- List<Principal> listMembers(String role);
+ List<IdentityType> listGroupMembers(Group group);
/**
* Authenticates the specified user, using the specified password.
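Review bot: Several Javadoc blocks in this hunk no longer match their signatures: `grantRole`/`revokeRole` document `@param name` but the parameter is `username`; `createGroup` and `deleteGroup` take a `groupType` that is not documented; `addUserToGroup`/`removeUserFromGroup` document `@param user` for a `username` parameter; and `findGroup` is an empty template (`@param name`, `@param type`, `@return` with no text). Suggest filling `findGroup` in as `Returns the group with the specified name and type, or null if no such group exists` (confirm against the implementation) and aligning the parameter names. Note also that `roleExists` became `roleTypeExists` here while `IdentityManager` keeps `roleExists`, so the two APIs now disagree, and the `Feature` enum earlier in this file still lists `createRole`/`deleteRole` while the methods are `createRoleType`/`deleteRoleType`.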
Property changes on: modules/security/trunk/examples/seamspace
___________________________________________________________________
Name: svn:ignore
- .settings
.project
.classpath
target
+ .settings
.classpath
target
.project
Modified: modules/security/trunk/examples/seamspace/src/main/java/org/jboss/seam/security/examples/seamspace/action/ImagePermission.java
===================================================================
--- modules/security/trunk/examples/seamspace/src/main/java/org/jboss/seam/security/examples/seamspace/action/ImagePermission.java 2010-05-17 19:32:28 UTC (rev 12744)
+++ modules/security/trunk/examples/seamspace/src/main/java/org/jboss/seam/security/examples/seamspace/action/ImagePermission.java 2010-05-17 23:01:09 UTC (rev 12745)
@@ -10,7 +10,7 @@
import javax.inject.Inject;
import javax.persistence.EntityManager;
-import org.jboss.seam.security.Role;
+import org.jboss.seam.security.RoleImpl;
import org.jboss.seam.security.SimplePrincipal;
import org.jboss.seam.security.examples.seamspace.model.Member;
import org.jboss.seam.security.examples.seamspace.model.MemberAccount;
@@ -155,7 +155,7 @@
for (String role : selectedRoles)
{
- Principal r = new Role(role);
+ Principal r = new RoleImpl(role);
for (String action : selectedActions)
{
permissions.add(new Permission(target, action, r));
Modified: modules/security/trunk/examples/seamspace/src/main/java/org/jboss/seam/security/examples/seamspace/model/MemberRole.java
===================================================================
--- modules/security/trunk/examples/seamspace/src/main/java/org/jboss/seam/security/examples/seamspace/model/MemberRole.java 2010-05-17 19:32:28 UTC (rev 12744)
+++ modules/security/trunk/examples/seamspace/src/main/java/org/jboss/seam/security/examples/seamspace/model/MemberRole.java 2010-05-17 23:01:09 UTC (rev 12745)
@@ -11,8 +11,8 @@
import javax.persistence.ManyToMany;
import org.jboss.seam.security.annotations.management.RoleConditional;
-import org.jboss.seam.security.annotations.management.RoleGroups;
-import org.jboss.seam.security.annotations.management.RoleName;
+import org.jboss.seam.security.annotations.management.MemberOf;
+import org.jboss.seam.security.annotations.management.RoleType;
@Entity
public class MemberRole implements Serializable
@@ -36,7 +36,7 @@
this.roleId = roleId;
}
- @RoleName
+ @RoleType
public String getName()
{
return name;
@@ -47,7 +47,7 @@
this.name = name;
}
- @RoleGroups
+ @MemberOf
@ManyToMany(targetEntity = MemberRole.class)
@JoinTable(name = "RoleGroup",
joinColumns = @JoinColumn(name = "RoleId"),
Property changes on: modules/security/trunk/impl
___________________________________________________________________
Name: svn:ignore
- .classpath
.project
.settings
target
+ .settings
target
.classpath
.project
Modified: modules/security/trunk/impl/pom.xml
===================================================================
--- modules/security/trunk/impl/pom.xml 2010-05-17 19:32:28 UTC (rev 12744)
+++ modules/security/trunk/impl/pom.xml 2010-05-17 23:01:09 UTC (rev 12745)
@@ -57,6 +57,12 @@
<artifactId>seam-security-api</artifactId>
<version>${project.version}</version>
</dependency>
+
+ <dependency>
+ <groupId>org.picketlink.idm</groupId>
+ <artifactId>picketlink-idm-core</artifactId>
+ <version>1.1.2.CR01</version>
+ </dependency>
<dependency>
<groupId>org.hibernate</groupId>
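Review bot: The new `picketlink-idm-core` dependency is pinned inline to `1.1.2.CR01`, a candidate-release build, rather than through a `dependencyManagement` entry or a `${...}` property as `seam-security-api` is. If the parent POM manages versions (not visible here), move the version there so the api and impl modules cannot drift. A pre-release of the library that now backs the identity store is a supply-chain choice worth recording, e.g. `<!-- CR01 until a 1.1.2 final release is available -->`.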
Deleted: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/Group.java
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/Group.java 2010-05-17 19:32:28 UTC (rev 12744)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/Group.java 2010-05-17 23:01:09 UTC (rev 12745)
@@ -1,33 +0,0 @@
-package org.jboss.seam.security;
-
-/**
- * Seam implementation of the PicketLink Group interface.
- *
- * @author Shane Bryzak
- */
-public class Group implements org.picketlink.idm.api.Group
-{
- private String groupType;
- private String name;
-
- public Group(String groupType, String name)
- {
- this.groupType = groupType;
- this.name = name;
- }
-
- public String getGroupType()
- {
- return groupType;
- }
-
- public String getName()
- {
- return name;
- }
-
- public String getKey()
- {
- return String.format("jbpid_group_id_._._%s_._._%s", groupType, name);
- }
-}
Copied: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/GroupImpl.java (from rev 12734, modules/security/trunk/impl/src/main/java/org/jboss/seam/security/Group.java)
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/GroupImpl.java (rev 0)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/GroupImpl.java 2010-05-17 23:01:09 UTC (rev 12745)
@@ -0,0 +1,33 @@
+package org.jboss.seam.security;
+
+/**
+ * Seam implementation of the PicketLink Group interface.
+ *
+ * @author Shane Bryzak
+ */
+public class GroupImpl implements org.picketlink.idm.api.Group
+{
+ private String groupType;
+ private String name;
+
+ public GroupImpl(String groupType, String name)
+ {
+ this.groupType = groupType;
+ this.name = name;
+ }
+
+ public String getGroupType()
+ {
+ return groupType;
+ }
+
+ public String getName()
+ {
+ return name;
+ }
+
+ public String getKey()
+ {
+ return String.format("jbpid_group_id_._._%s_._._%s", groupType, name);
+ }
+}
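Review bot: `groupType` and `name` are never reassigned after the constructor, so they should be `private final`, and the class accepts null for both, which `getKey()` would then render as the literal text "null" inside the key. Suggest `if (groupType == null || name == null) throw new IllegalArgumentException("groupType and name are required");` at the top of the constructor. If `Group` instances are ever used as map keys or compared, `equals`/`hashCode` over `groupType` and `name` are also missing — cannot confirm from this commit whether that happens.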
Modified: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/IdentityImpl.java
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/IdentityImpl.java 2010-05-17 19:32:28 UTC (rev 12744)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/IdentityImpl.java 2010-05-17 23:01:09 UTC (rev 12745)
@@ -7,7 +7,9 @@
import java.util.ArrayList;
import java.util.Collection;
import java.util.Enumeration;
+import java.util.HashMap;
import java.util.List;
+import java.util.Map;
import java.util.Set;
import javax.enterprise.context.SessionScoped;
@@ -72,7 +74,12 @@
private Principal principal;
private Subject subject;
private String jaasConfigName = null;
- private List<String> preAuthenticationRoles = new ArrayList<String>();
+
+ // Contains a group to role list mapping of roles assigned during the authentication process
+ private Map<String,List<String>> preAuthenticationRoles = new HashMap<String,List<String>>();
+
+ // Contains a group to role list mapping of roles granted after the authentication process has completed
+ private Map<String,List<String>> activeRoles = new HashMap<String,List<String>>();
private transient ThreadLocal<Boolean> systemOp;
@@ -328,9 +335,13 @@
if (!preAuthenticationRoles.isEmpty() && isLoggedIn())
{
- for (String role : preAuthenticationRoles)
+ for (String group : preAuthenticationRoles.keySet())
{
- addRole(role);
+ for (String role : preAuthenticationRoles.get(group))
+ {
+ // TODO fix
+ addRole(role, group, null);
+ }
}
preAuthenticationRoles.clear();
}
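Review bot: The post-login replay passes `null` for `groupType` and carries a `// TODO fix`, because `preAuthenticationRoles` is keyed by group name only and so loses the group type that was passed to `addRole` before login. As the `groupType` argument is not read anywhere in `addRole`'s body in the following hunk, either key the map by (group, groupType) — `GroupImpl` from this commit could serve as the key if it gained `equals`/`hashCode` — or document that the type is currently ignored. The boolean result of `addRole` is also discarded in this loop.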
@@ -447,47 +458,37 @@
}
}
- public boolean hasRole(String role)
+ public boolean hasRole(String roleType, String group)
{
if (!securityEnabled) return true;
if (systemOp != null && Boolean.TRUE.equals(systemOp.get())) return true;
tryLogin();
- for ( Group sg : getSubject().getPrincipals(Group.class) )
- {
- if ( ROLES_GROUP.equals( sg.getName() ) )
- {
- return sg.isMember( new Role(role) );
- }
- }
- return false;
+ List<String> roles = activeRoles.get(group);
+ return (roles != null && roles.contains(roleType));
}
- public boolean addRole(String role)
+ public boolean addRole(String roleType, String group, String groupType)
{
- if (role == null || "".equals(role)) return false;
+ if (roleType == null || "".equals(roleType)) return false;
- if (!isLoggedIn())
+ Map<String,List<String>> roleMap = isLoggedIn() ? activeRoles :
+ preAuthenticationRoles;
+
+ List<String> roles = null;
+
+ if (!roleMap.containsKey(group))
{
- preAuthenticationRoles.add(role);
- return false;
+ roles = new ArrayList<String>();
+ roleMap.put(group, roles);
}
else
{
- for ( Group sg : getSubject().getPrincipals(Group.class) )
- {
- if ( ROLES_GROUP.equals( sg.getName() ) )
- {
- return sg.addMember(new Role(role));
- }
- }
-
- SimpleGroup roleGroup = new SimpleGroup(ROLES_GROUP);
- roleGroup.addMember(new Role(role));
- getSubject().getPrincipals().add(roleGroup);
- return true;
+ roles = roleMap.get(group);
}
+
+ return roles.add(roleType);
}
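Review bot: `addRole` appends to an `ArrayList` without checking membership, so calling it twice for the same role/group stores the role twice, while `removeRole` in the next hunk uses `List.remove(Object)`, which deletes only the first occurrence — a single revoke then leaves `hasRole` returning true. The previous `Group.addMember` path returned false for an existing member; restore that with `if (roles.contains(roleType)) return false;` before `return roles.add(roleType);`, or make the map values a `Set<String>`. Note also that `hasRole` no longer consults the `Subject`'s principals at all, so roles a login module places in the Subject are invisible to authorization unless they are also mirrored into `activeRoles` (SeamLoginModule is changed in this commit but not shown — confirm). Finally, when not logged in `addRole` now returns true where it previously returned false.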
/**
@@ -495,32 +496,19 @@
*
* @param role The name of the role to remove
*/
- public void removeRole(String role)
+ public void removeRole(String roleType, String group)
{
- for ( Group sg : getSubject().getPrincipals(Group.class) )
+ if (activeRoles.containsKey(group))
{
- if ( ROLES_GROUP.equals( sg.getName() ) )
- {
- Enumeration<?> e = sg.members();
- while (e.hasMoreElements())
- {
- Principal member = (Principal) e.nextElement();
- if (member.getName().equals(role))
- {
- sg.removeMember(member);
- break;
- }
- }
-
- }
+ activeRoles.get(group).remove(roleType);
}
}
- public void checkRole(String role)
+ public void checkRole(String roleType, String group)
{
tryLogin();
- if ( !hasRole(role) )
+ if ( !hasRole(roleType, group) )
{
if ( !isLoggedIn() )
{
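Review bot: The Javadoc above `removeRole` still reads `@param role The name of the role to remove`, but the method now takes `roleType` and `group`, so the published contract no longer matches the signature. Replace it with `@param roleType The name of the role type to remove` and `@param group The name of the group the role is scoped to`, and note that only roles in `activeRoles` are affected. `checkRole` below would benefit from the same two tags.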
@@ -531,7 +519,7 @@
{
manager.fireEvent(new NotAuthorizedEvent());
throw new AuthorizationException(String.format(
- "Authorization check failed for role [%s]", role));
+ "Authorization check failed for role [%s:%s]", roleType, group));
}
}
}
@@ -572,20 +560,7 @@
return permissionMapper.resolvePermission(target, action);
}
-
- /**
- * Evaluates the specified security expression, which must return a boolean
- * value.
- *
- * @param expr String The expression to evaluate
- * @return boolean The result of the expression evaluation
- */
- /*
- protected boolean evaluateExpression(String expr)
- {
- return expressions.createValueExpression(expr, Boolean.class).getValue();
- }*/
-
+
public String getJaasConfigName()
{
return jaasConfigName;
Modified: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/RememberMe.java
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/RememberMe.java 2010-05-17 19:32:28 UTC (rev 12744)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/RememberMe.java 2010-05-17 23:01:09 UTC (rev 12745)
@@ -15,6 +15,7 @@
import org.jboss.seam.security.events.QuietLoginEvent;
import org.jboss.seam.security.management.IdentityManager;
import org.jboss.seam.security.util.Base64;
+import org.picketlink.idm.api.Role;
/**
* Remember-me functionality is provided by this class, in two different flavours. The first mode
@@ -139,7 +140,7 @@
{
final String username = credentials.getUsername();
final BoolWrapper userEnabled = new BoolWrapper();
- final List<String> roles = new ArrayList<String>();
+ final List<Role> roles = new ArrayList<Role>();
// Double check our credentials again
if (tokenStore.validateToken(username, credentials.getPassword()))
@@ -152,7 +153,7 @@
{
userEnabled.value = true;
- for (String role : identityManager.getImpliedRoles(username))
+ for (Role role : identityManager.getImpliedRoles(username))
{
roles.add(role);
}
@@ -166,9 +167,10 @@
identityImpl.preAuthenticate();
// populate the roles
- for (String role : roles)
+ for (Role role : roles)
{
- identity.addRole(role);
+ identity.addRole(role.getRoleType().getName(),
+ role.getGroup().getName(), role.getGroup().getGroupType());
}
// Set the principal
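Review bot: `role.getGroup().getName()` and `role.getGroup().getGroupType()` assume every role returned by `getImpliedRoles` carries a non-null group; RoleImpl (L1002-L1007) accepts a null group without complaint, so a store that produces such a role would turn the quiet login into a NullPointerException at this line. Either skip roles with no group here or have RoleImpl reject a null group in its constructor. The same expression appears in SeamLoginModule at L1230-L1231. The enclosing method starts before and ends after this hunk.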
Deleted: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/Role.java
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/Role.java 2010-05-17 19:32:28 UTC (rev 12744)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/Role.java 2010-05-17 23:01:09 UTC (rev 12745)
@@ -1,49 +0,0 @@
-package org.jboss.seam.security;
-
-import org.picketlink.idm.api.Group;
-import org.picketlink.idm.api.RoleType;
-import org.picketlink.idm.api.User;
-
-/**
- * Seam implementation of the PicketLink Role interface. Each role is a direct
- * one-to-one mapping between User and Group.
- *
- * @author Shane Bryzak
- */
-public class Role implements org.picketlink.idm.api.Role
-{
- private static final long serialVersionUID = 1187276024036531700L;
-
- private boolean conditional;
-
- private Group group;
- private RoleType roleType;
- private User user;
-
- public Role(Group group, RoleType roleType, User user)
- {
- this.group = group;
- this.roleType = roleType;
- this.user = user;
- }
-
- public boolean isConditional()
- {
- return conditional;
- }
-
- public Group getGroup()
- {
- return group;
- }
-
- public RoleType getRoleType()
- {
- return roleType;
- }
-
- public User getUser()
- {
- return user;
- }
-}
Copied: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/RoleImpl.java (from rev 12734, modules/security/trunk/impl/src/main/java/org/jboss/seam/security/Role.java)
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/RoleImpl.java (rev 0)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/RoleImpl.java 2010-05-17 23:01:09 UTC (rev 12745)
@@ -0,0 +1,49 @@
+package org.jboss.seam.security;
+
+import org.picketlink.idm.api.Group;
+import org.picketlink.idm.api.RoleType;
+import org.picketlink.idm.api.User;
+
+/**
+ * Seam implementation of the PicketLink Role interface. Each role is a direct
+ * one-to-one mapping between User and Group.
+ *
+ * @author Shane Bryzak
+ */
+public class RoleImpl implements org.picketlink.idm.api.Role
+{
+ private static final long serialVersionUID = 1187276024036531700L;
+
+ private boolean conditional;
+
+ private Group group;
+ private RoleType roleType;
+ private User user;
+
+ public RoleImpl(Group group, RoleType roleType, User user)
+ {
+ this.group = group;
+ this.roleType = roleType;
+ this.user = user;
+ }
+
+ public boolean isConditional()
+ {
+ return conditional;
+ }
+
+ public Group getGroup()
+ {
+ return group;
+ }
+
+ public RoleType getRoleType()
+ {
+ return roleType;
+ }
+
+ public User getUser()
+ {
+ return user;
+ }
+}
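Review bot: `conditional` is never assigned anywhere in RoleImpl, so `isConditional()` can only ever return false; if conditional roles are meant to be representable the constructor should accept the flag, otherwise the field is dead. The four fields are also never reassigned after construction and could be `final`, which makes instances safe to share once they are handed to callers through `List<Role>`. An overloaded constructor keeps the existing three-argument signature working for current callers.
```java
   private final boolean conditional;
   private final Group group;
   private final RoleType roleType;
   private final User user;

   public RoleImpl(Group group, RoleType roleType, User user)
   {
      this(group, roleType, user, false);
   }

   public RoleImpl(Group group, RoleType roleType, User user, boolean conditional)
   {
      this.group = group;
      this.roleType = roleType;
      this.user = user;
      this.conditional = conditional;
   }

   // … unchanged: isConditional, getGroup, getRoleType, getUser …
```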
Modified: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/RunAsOperation.java
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/RunAsOperation.java 2010-05-17 19:32:28 UTC (rev 12744)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/RunAsOperation.java 2010-05-17 23:01:09 UTC (rev 12745)
@@ -57,10 +57,11 @@
break;
}
}
-
- SimpleGroup roleGroup = new SimpleGroup(IdentityImpl.ROLES_GROUP);
- roleGroup.addMember(new SimplePrincipal(role));
- getSubject().getPrincipals().add(roleGroup);
+
+ // TODO fix this
+ //SimpleGroup roleGroup = new SimpleGroup(IdentityImpl.ROLES_GROUP);
+ //roleGroup.addMember(new SimplePrincipal(role));
+ //getSubject().getPrincipals().add(roleGroup);
return this;
}
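Review bot: With the three `SimpleGroup` lines commented out, the run-as operation no longer grants `role` to the subject, so a caller that sets a role and runs the operation gets no privilege change and no indication of it. Until the replacement is written, make the gap explicit, for example `throw new UnsupportedOperationException("run-as role grant not yet implemented");` in place of the commented block, and delete the dead lines rather than keeping them as comments (the TODO can point to the old logic in history). The enclosing method starts before this hunk.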
Modified: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/SecurityInterceptor.java
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/SecurityInterceptor.java 2010-05-17 19:32:28 UTC (rev 12744)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/SecurityInterceptor.java 2010-05-17 23:01:09 UTC (rev 12745)
@@ -139,10 +139,11 @@
if (roleRestrictions != null)
{
- for (String role : roleRestrictions)
- {
- identity.checkRole(role);
- }
+ // TODO rewrite role restriction logic
+ //for (String role : roleRestrictions)
+ //{
+ // identity.checkRole(role);
+ //}
}
if (permissionTarget != null && permissionAction != null)
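Review bot: Commenting out the `identity.checkRole(role)` loop makes every role restriction pass unconditionally: the `roleRestrictions != null` branch at L1053 now does nothing, so a method carrying role restrictions is invokable by any caller. Until the logic is rewritten the branch should fail closed, e.g. replace the commented block with `throw new AuthorizationException("Role restrictions are not yet supported");` (or whatever failure path the interceptor already uses for permission checks), so the interim state denies rather than grants. The enclosing method starts and ends outside this hunk.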
Deleted: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/SimpleGroup.java
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/SimpleGroup.java 2010-05-17 19:32:28 UTC (rev 12744)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/SimpleGroup.java 2010-05-17 23:01:09 UTC (rev 12745)
@@ -1,93 +0,0 @@
-package org.jboss.seam.security;
-
-import java.io.Serializable;
-import java.security.Principal;
-import java.security.acl.Group;
-import java.util.Collections;
-import java.util.Enumeration;
-import java.util.HashSet;
-import java.util.Set;
-
-/**
- * Implementation of the Group interface, used for holding roles etc.
- *
- * @author Shane Bryzak
- */
-public class SimpleGroup implements Group, Serializable
-{
- private static final long serialVersionUID = 5766373925836425908L;
-
- /**
- * The name of the group
- */
- private String name;
-
- /**
- * The members of this group
- */
- private Set<Principal> members = new HashSet<Principal>();
-
- public SimpleGroup(String name)
- {
- this.name = name;
- }
-
- public boolean addMember(Principal user)
- {
- return members.add(user);
- }
-
- public boolean isMember(Principal member)
- {
- if ( members.contains(member) )
- {
- return true;
- }
- else
- {
- for (Principal m : members)
- {
- if (m instanceof Group && ((Group) m).isMember(member))
- {
- return true;
- }
- }
- }
- return false;
- }
-
- public Enumeration<? extends Principal> members()
- {
- return Collections.enumeration(members);
- }
-
- public boolean removeMember(Principal user)
- {
- return members.remove(user);
- }
-
- public String getName()
- {
- return name;
- }
-
- @Override
- public boolean equals(Object obj)
- {
- if (obj instanceof SimpleGroup)
- {
- SimpleGroup other = (SimpleGroup) obj;
- return other.name.equals(name);
- }
- else
- {
- return false;
- }
- }
-
- @Override
- public int hashCode()
- {
- return name.hashCode();
- }
-}
Added: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/UserImpl.java
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/UserImpl.java (rev 0)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/UserImpl.java 2010-05-17 23:01:09 UTC (rev 12745)
@@ -0,0 +1,30 @@
+package org.jboss.seam.security;
+
+import org.picketlink.idm.api.User;
+
+/**
+ * Implementation of the PicketLink User interface.
+ *
+ * @author Shane Bryzak
+ */
+public class UserImpl implements User
+{
+ private String id;
+
+ public UserImpl(String id)
+ {
+ this.id = id;
+ }
+
+ public String getId()
+ {
+ return id;
+ }
+
+ public String getKey()
+ {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+}
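Review bot: `getKey()` returns `null` from an auto-generated stub, so anything that uses the key to look up or compare users will see null for every UserImpl. If the key is meant to be the user's unique identifier, `return id;` is a safer placeholder than null; if that is not yet decided, throwing `UnsupportedOperationException` fails visibly instead of propagating null into collections. `id` is never reassigned and could be declared `private final String id;`.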
Modified: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/jaas/SeamLoginModule.java
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/jaas/SeamLoginModule.java 2010-05-17 19:32:28 UTC (rev 12744)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/jaas/SeamLoginModule.java 2010-05-17 23:01:09 UTC (rev 12745)
@@ -15,13 +15,13 @@
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
-import org.jboss.seam.security.SimpleGroup;
import org.jboss.seam.security.SimplePrincipal;
import org.jboss.seam.security.callbacks.AuthenticatorCallback;
import org.jboss.seam.security.callbacks.IdentityCallback;
import org.jboss.seam.security.callbacks.IdentityManagerCallback;
import org.jboss.seam.security.management.IdentityManager;
+import org.picketlink.idm.api.Role;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -62,8 +62,6 @@
}
}
- if (roleGroup == null) roleGroup = new SimpleGroup(ROLES_GROUP);
-
for (String role : roles)
{
roleGroup.addMember(new SimplePrincipal(role));
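Review bot: Removing `if (roleGroup == null) roleGroup = new SimpleGroup(ROLES_GROUP);` leaves `roleGroup.addMember(new SimplePrincipal(role))` in the loop with nothing guaranteeing `roleGroup` is non-null; if the search in the preceding lines (outside this hunk) finds no existing group, the first role throws a NullPointerException during login instead of being added. Guard the loop, `if (roleGroup != null)`, or create the group through its replacement type before iterating. The enclosing method starts before and ends after this hunk.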
@@ -115,9 +113,10 @@
if (success)
{
- for (String role : identityManager.getImpliedRoles(username))
+ for (Role role : identityManager.getImpliedRoles(username))
{
- idCallback.getIdentity().addRole(role);
+ idCallback.getIdentity().addRole(role.getRoleType().getName(),
+ role.getGroup().getName(), role.getGroup().getGroupType());
}
}
Modified: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/IdentityManagerImpl.java
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/IdentityManagerImpl.java 2010-05-17 19:32:28 UTC (rev 12744)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/IdentityManagerImpl.java 2010-05-17 23:01:09 UTC (rev 12745)
@@ -1,7 +1,6 @@
package org.jboss.seam.security.management;
import java.io.Serializable;
-import java.security.Principal;
import java.util.Collections;
import java.util.Comparator;
import java.util.List;
@@ -14,6 +13,9 @@
import org.jboss.seam.security.Identity;
import org.jboss.seam.security.util.Strings;
+import org.picketlink.idm.api.Group;
+import org.picketlink.idm.api.IdentityType;
+import org.picketlink.idm.api.Role;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -29,6 +31,7 @@
public static final String USER_PERMISSION_NAME = "seam.user";
public static final String ROLE_PERMISSION_NAME = "seam.role";
+ public static final String GROUP_PERMISSION_NAME = "seam.group";
public static final String PERMISSION_CREATE = "create";
public static final String PERMISSION_READ = "read";
@@ -40,8 +43,9 @@
@Inject BeanManager manager;
@Inject Identity identity;
- private IdentityStore identityStore;
- private IdentityStore roleIdentityStore;
+ protected IdentityStore identityStore;
+ protected IdentityStore roleIdentityStore;
+ protected IdentityStore groupIdentityStore;
@PostConstruct
public void create()
@@ -105,40 +109,40 @@
return identityStore.isUserEnabled(name);
}
- public boolean grantRole(String name, String role)
+ public boolean grantRole(String name, String role, Group group)
{
identity.checkPermission(USER_PERMISSION_NAME, PERMISSION_UPDATE);
- return roleIdentityStore.grantRole(name, role);
+ return roleIdentityStore.grantRole(name, role, group);
}
- public boolean revokeRole(String name, String role)
+ public boolean revokeRole(String name, String role, Group group)
{
identity.checkPermission(USER_PERMISSION_NAME, PERMISSION_UPDATE);
- return roleIdentityStore.revokeRole(name, role);
+ return roleIdentityStore.revokeRole(name, role, group);
}
- public boolean createRole(String role)
+ public boolean createRoleType(String roleType)
{
identity.checkPermission(ROLE_PERMISSION_NAME, PERMISSION_CREATE);
- return roleIdentityStore.createRole(role);
+ return roleIdentityStore.createRoleType(roleType);
}
- public boolean deleteRole(String role)
+ public boolean deleteRoleType(String roleType)
{
identity.checkPermission(ROLE_PERMISSION_NAME, PERMISSION_DELETE);
- return roleIdentityStore.deleteRole(role);
+ return roleIdentityStore.deleteRoleType(roleType);
}
- public boolean addRoleToGroup(String role, String group)
+ public boolean createGroup(String name, String groupType)
{
- identity.checkPermission(ROLE_PERMISSION_NAME, PERMISSION_UPDATE);
- return roleIdentityStore.addRoleToGroup(role, group);
+ identity.checkPermission(GROUP_PERMISSION_NAME, PERMISSION_CREATE);
+ return groupIdentityStore.createGroup(name, groupType);
}
- public boolean removeRoleFromGroup(String role, String group)
+ public boolean deleteGroup(String name, String groupType)
{
- identity.checkPermission(ROLE_PERMISSION_NAME, PERMISSION_UPDATE);
- return roleIdentityStore.removeRoleFromGroup(role, group);
+ identity.checkPermission(GROUP_PERMISSION_NAME, PERMISSION_DELETE);
+ return groupIdentityStore.deleteGroup(name, groupType);
}
public boolean userExists(String name)
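Review bot: `createGroup` and `deleteGroup` dereference `groupIdentityStore`, which is declared at L1266 without an initializer and whose assignment is not visible in this diff; if `create()` (L1268, body outside the hunk) does not wire it, both methods throw NullPointerException after the permission check has passed. Confirm `create()` assigns it, or assign it alongside `roleIdentityStore`. The fields widened from `private` to `protected` at L1264-L1266 are now part of the subclass contract; a one-line comment such as `// protected so subclasses can supply alternative stores` would make the widening read as intentional.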
@@ -147,15 +151,15 @@
return identityStore.userExists(name);
}
- public boolean roleExists(String name)
+ public boolean roleExists(String roleType)
{
- return roleIdentityStore.roleExists(name);
+ return roleIdentityStore.roleTypeExists(roleType);
}
public List<String> getUsers()
{
identity.checkPermission(USER_PERMISSION_NAME, PERMISSION_READ);
- List<String> users = identityStore.listUsers();
+ List<String> users = identityStore.findUsers();
Collections.sort(users, new Comparator<String>() {
public int compare(String value1, String value2) {
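Review bot: `roleExists(String roleType)` now delegates to `roleIdentityStore.roleTypeExists` while the sibling operations in this class were renamed to `createRoleType`/`deleteRoleType` (L1287, L1294), so the public API is inconsistent about whether it speaks of roles or role types. Either rename this method to `roleTypeExists` and keep `roleExists` as a deprecated delegate for existing callers, or add Javadoc stating `Returns true if a role type with the given name exists.`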
@@ -169,7 +173,7 @@
public List<String> getUsers(String filter)
{
identity.checkPermission(USER_PERMISSION_NAME, PERMISSION_READ);
- List<String> users = identityStore.listUsers(filter);
+ List<String> users = identityStore.findUsers(filter);
Collections.sort(users, new Comparator<String>() {
public int compare(String value1, String value2) {
@@ -183,7 +187,7 @@
public List<String> getRoles()
{
identity.checkPermission(ROLE_PERMISSION_NAME, PERMISSION_READ);
- List<String> roles = roleIdentityStore.listRoles();
+ List<String> roles = roleIdentityStore.listRoleTypes();
Collections.sort(roles, new Comparator<String>() {
public int compare(String value1, String value2) {
@@ -196,7 +200,7 @@
public List<String> getGrantableRoles()
{
- List<String> roles = roleIdentityStore.listGrantableRoles();
+ List<String> roles = roleIdentityStore.listGrantableRoleTypes();
Collections.sort(roles, new Comparator<String>() {
public int compare(String value1, String value2) {
@@ -213,9 +217,9 @@
* @param name The user for which to return a list of roles
* @return List containing the names of the granted roles
*/
- public List<String> getGrantedRoles(String name)
+ public List<Role> getGrantedRoles(String username)
{
- return roleIdentityStore.getGrantedRoles(name);
+ return roleIdentityStore.listGrantedRoles(username);
}
/**
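Review bot: The Javadoc above `getGrantedRoles` still reads `@param name` and `@return List containing the names of the granted roles`, but the parameter is now `username` and the method returns `List<Role>` objects rather than names; the same mismatch applies to `getImpliedRoles` at L1371-L1376. Update to `@param username The user for which to return the roles` and `@return List of the Role objects granted to the user` (and the implied-roles equivalent) so the generated docs match the new return type.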
@@ -224,22 +228,17 @@
* @param name The user for which to return the list of roles
* @return List containing the names of the implied roles
*/
- public List<String> getImpliedRoles(String name)
+ public List<Role> getImpliedRoles(String username)
{
- return roleIdentityStore.getImpliedRoles(name);
+ return roleIdentityStore.listImpliedRoles(username);
}
- public List<Principal> listMembers(String role)
+ public List<IdentityType> listRoleMembers(String roleType, Group group)
{
identity.checkPermission(ROLE_PERMISSION_NAME, PERMISSION_READ);
- return roleIdentityStore.listMembers(role);
+ return roleIdentityStore.listRoleMembers(roleType, group);
}
-
- public List<String> getRoleGroups(String name)
- {
- return roleIdentityStore.getRoleGroups(name);
- }
-
+
public boolean authenticate(String username, String password)
{
if (Strings.isEmpty(username)) return false;
Deleted: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/JpaIdentityStore.java
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/JpaIdentityStore.java 2010-05-17 19:32:28 UTC (rev 12744)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/JpaIdentityStore.java 2010-05-17 23:01:09 UTC (rev 12745)
@@ -1,1080 +0,0 @@
-package org.jboss.seam.security.management;
-
-import java.io.Serializable;
-import java.lang.reflect.ParameterizedType;
-import java.lang.reflect.Type;
-import java.security.GeneralSecurityException;
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-
-import javax.enterprise.context.ApplicationScoped;
-import javax.enterprise.inject.Instance;
-import javax.enterprise.inject.spi.BeanManager;
-import javax.inject.Inject;
-import javax.persistence.EntityManager;
-import javax.persistence.NoResultException;
-
-import org.jboss.seam.security.Role;
-import org.jboss.seam.security.SimplePrincipal;
-import org.jboss.seam.security.annotations.management.PasswordSalt;
-import org.jboss.seam.security.annotations.management.RoleConditional;
-import org.jboss.seam.security.annotations.management.RoleGroups;
-import org.jboss.seam.security.annotations.management.RoleName;
-import org.jboss.seam.security.annotations.management.UserEnabled;
-import org.jboss.seam.security.annotations.management.UserFirstName;
-import org.jboss.seam.security.annotations.management.UserLastName;
-import org.jboss.seam.security.annotations.management.UserPassword;
-import org.jboss.seam.security.annotations.management.UserPrincipal;
-import org.jboss.seam.security.annotations.management.UserRoles;
-import org.jboss.seam.security.crypto.BinTools;
-import org.jboss.seam.security.events.PrePersistUserEvent;
-import org.jboss.seam.security.events.PrePersistUserRoleEvent;
-import org.jboss.seam.security.events.UserAuthenticatedEvent;
-import org.jboss.seam.security.events.UserCreatedEvent;
-import org.jboss.seam.security.util.AnnotatedBeanProperty;
-import org.jboss.seam.security.util.TypedBeanProperty;
-import org.jboss.seam.transaction.Transactional;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * The default identity store implementation, uses JPA as its persistence mechanism.
- *
- * @author Shane Bryzak
- */
-public @ApplicationScoped @Transactional class JpaIdentityStore implements IdentityStore, Serializable
-{
- private static final long serialVersionUID = 1171875389743972646L;
-
- protected FeatureSet featureSet;
-
- private Logger log = LoggerFactory.getLogger(JpaIdentityStore.class);
-
- @Inject Instance<EntityManager> entityManagerInstance;
-
- @Inject Instance<PasswordHash> passwordHashInstance;
-
- @Inject BeanManager manager;
-
- private Class<?> userEntityClass;
- private Class<?> roleEntityClass;
- private Class<?> xrefEntityClass;
- private TypedBeanProperty xrefUserProperty;
- private TypedBeanProperty xrefRoleProperty;
-
- private AnnotatedBeanProperty<UserPrincipal> userPrincipalProperty;
- private AnnotatedBeanProperty<UserPassword> userPasswordProperty;
- private AnnotatedBeanProperty<PasswordSalt> passwordSaltProperty;
- private AnnotatedBeanProperty<UserRoles> userRolesProperty;
- private AnnotatedBeanProperty<UserEnabled> userEnabledProperty;
- private AnnotatedBeanProperty<UserFirstName> userFirstNameProperty;
- private AnnotatedBeanProperty<UserLastName> userLastNameProperty;
- private AnnotatedBeanProperty<RoleName> roleNameProperty;
- private AnnotatedBeanProperty<RoleGroups> roleGroupsProperty;
- private AnnotatedBeanProperty<RoleConditional> roleConditionalProperty;
-
- public Set<Feature> getFeatures()
- {
- return featureSet.getFeatures();
- }
-
- public void setFeatures(Set<Feature> features)
- {
- featureSet = new FeatureSet(features);
- }
-
- public boolean supportsFeature(Feature feature)
- {
- return featureSet.supports(feature);
- }
-
- @Inject
- public void init()
- {
- if (featureSet == null)
- {
- featureSet = new FeatureSet();
- featureSet.enableAll();
- }
-
- userPrincipalProperty = new AnnotatedBeanProperty<UserPrincipal>(getUserEntityClass(), UserPrincipal.class);
- userPasswordProperty = new AnnotatedBeanProperty<UserPassword>(getUserEntityClass(), UserPassword.class);
- passwordSaltProperty = new AnnotatedBeanProperty<PasswordSalt>(getUserEntityClass(), PasswordSalt.class);
- userRolesProperty = new AnnotatedBeanProperty<UserRoles>(getUserEntityClass(), UserRoles.class);
- userEnabledProperty = new AnnotatedBeanProperty<UserEnabled>(getUserEntityClass(), UserEnabled.class);
- userFirstNameProperty = new AnnotatedBeanProperty<UserFirstName>(getUserEntityClass(), UserFirstName.class);
- userLastNameProperty = new AnnotatedBeanProperty<UserLastName>(getUserEntityClass(), UserLastName.class);
-
- if (!userPrincipalProperty.isSet())
- {
- throw new IdentityManagementException("Invalid userClass " + getUserEntityClass().getName() +
- " - required annotation @UserPrincipal not found on any Field or Method.");
- }
-
- if (!userRolesProperty.isSet())
- {
- throw new IdentityManagementException("Invalid userClass " + getUserEntityClass().getName() +
- " - required annotation @UserRoles not found on any Field or Method.");
- }
-
- if (getRoleEntityClass() != null)
- {
- roleNameProperty = new AnnotatedBeanProperty<RoleName>(getRoleEntityClass(), RoleName.class);
- roleGroupsProperty = new AnnotatedBeanProperty<RoleGroups>(getRoleEntityClass(), RoleGroups.class);
- roleConditionalProperty = new AnnotatedBeanProperty<RoleConditional>(getRoleEntityClass(), RoleConditional.class);
-
- if (!roleNameProperty.isSet())
- {
- throw new IdentityManagementException("Invalid roleClass " + getRoleEntityClass().getName() +
- " - required annotation @RoleName not found on any Field or Method.");
- }
-
- Type type = userRolesProperty.getPropertyType();
- if (type instanceof ParameterizedType &&
- Collection.class.isAssignableFrom((Class<?>) ((ParameterizedType) type).getRawType()))
- {
- Type genType = Object.class;
-
- for (Type t : ((ParameterizedType) type).getActualTypeArguments())
- {
- genType = t;
- break;
- }
-
- // If the @UserRoles property isn't a collection of <roleClass>, then assume the relationship
- // is going through a cross-reference table
- if (!genType.equals(getRoleEntityClass()))
- {
- xrefEntityClass = (Class<?>) genType;
- xrefUserProperty = new TypedBeanProperty(xrefEntityClass, getUserEntityClass());
- xrefRoleProperty = new TypedBeanProperty(xrefEntityClass, getRoleEntityClass());
-
- if (!xrefUserProperty.isSet())
- {
- throw new IdentityManagementException("Error configuring JpaIdentityStore - it looks like " +
- "you're using a cross-reference table, however the user property cannot be determined.");
- }
-
- if (!xrefRoleProperty.isSet())
- {
- throw new IdentityManagementException("Error configuring JpaIdentityStore - it looks like " +
- "you're using a cross-reference table, however the role property cannot be determined.");
- }
- }
- }
- }
- }
-
- public boolean createUser(String username, String password, String firstname, String lastname)
- {
- try
- {
- if (getUserEntityClass() == null)
- {
- throw new IdentityManagementException("Could not create account, userClass not set");
- }
-
- if (userExists(username))
- {
- throw new IdentityManagementException("Could not create account, already exists");
- }
-
- Object user = getUserEntityClass().newInstance();
-
- getUserPrincipalProperty().setValue(user, username);
-
- if (getUserFirstNameProperty().isSet()) getUserFirstNameProperty().setValue(user, firstname);
- if (getUserLastNameProperty().isSet()) getUserLastNameProperty().setValue(user, lastname);
-
- if (password == null)
- {
- if (getUserEnabledProperty().isSet()) getUserEnabledProperty().setValue(user, false);
- }
- else
- {
- setUserPassword(user, password);
- if (getUserEnabledProperty().isSet()) getUserEnabledProperty().setValue(user, true);
- }
-
- manager.fireEvent(new PrePersistUserEvent(user));
-
- getEntityManager().persist(user);
-
- manager.fireEvent(new UserCreatedEvent(user));
-
- return true;
- }
- catch (Exception ex)
- {
- if (ex instanceof IdentityManagementException)
- {
- throw (IdentityManagementException) ex;
- }
- else
- {
- throw new IdentityManagementException("Could not create account", ex);
- }
- }
- }
-
- protected void setUserPassword(Object user, String password)
- {
- if (getPasswordSaltProperty().isSet())
- {
- byte[] salt = generateUserSalt(user);
- getPasswordSaltProperty().setValue(user, BinTools.bin2hex(salt));
- getUserPasswordProperty().setValue(user, generatePasswordHash(password, salt));
- }
- else
- {
- getUserPasswordProperty().setValue(user, generatePasswordHash(password, getUserAccountSalt(user)));
- }
- }
-
- /**
- * @deprecated Use JpaIdentityStore.generateRandomSalt(Object) instead
- */
- @Deprecated
- protected String getUserAccountSalt(Object user)
- {
- // By default, we'll use the user's username as the password salt
- return getUserPrincipalProperty().getValue(user).toString();
- }
-
- /**
- * Generates a 64 bit random salt value
- */
- public byte[] generateUserSalt(Object user)
- {
- return getPasswordHash().generateRandomSalt();
- }
-
- public boolean createUser(String username, String password)
- {
- return createUser(username, password, null, null);
- }
-
- public boolean deleteUser(String name)
- {
- Object user = lookupUser(name);
- if (user == null)
- {
- throw new NoSuchUserException("Could not delete, user '" + name + "' does not exist");
- }
-
- getEntityManager().remove(user);
- return true;
- }
-
- @SuppressWarnings("unchecked")
- public boolean grantRole(String username, String role)
- {
- if (getRoleEntityClass() == null) return false;
-
- Object user = lookupUser(username);
- if (user == null)
- {
- if (getUserPasswordProperty().isSet())
- {
- // If no userPasswordProperty is set, it means that authentication is being performed
- // by another identity store and this one is just managing roles
- throw new NoSuchUserException("Could not grant role, no such user '" + username + "'");
- }
- else
- {
- // We need to create a new user object
- if (createUser(username, null))
- {
- user = lookupUser(username);
- }
- else
- {
- throw new IdentityManagementException(
- "Could not grant role - user does not exist and an attempt to create the user failed.");
- }
- }
- }
-
- Object roleToGrant = lookupRole(role);
- if (roleToGrant == null)
- {
- throw new NoSuchRoleException("Could not grant role, role '" + role + "' does not exist");
- }
-
- Collection<?> userRoles = (Collection<?>) getUserRolesProperty().getValue(user);
- if (userRoles == null)
- {
- Type propType = getUserRolesProperty().getPropertyType();
- Class<?> collectionType;
-
- if (propType instanceof Class && Collection.class.isAssignableFrom((Class<?>) propType))
- {
- collectionType = (Class<?>) propType;
- }
- else if (propType instanceof ParameterizedType &&
- Collection.class.isAssignableFrom((Class<?>) ((ParameterizedType) propType).getRawType()))
- {
- collectionType = (Class<?>) ((ParameterizedType) propType).getRawType();
- }
- else
- {
- throw new IllegalStateException("Could not determine collection type for user roles.");
- }
-
- // This should either be a Set, or a List...
- if (Set.class.isAssignableFrom(collectionType))
- {
- userRoles = new HashSet<Object>();
- }
- else if (List.class.isAssignableFrom(collectionType))
- {
- userRoles = new ArrayList<Object>();
- }
-
- getUserRolesProperty().setValue(user, userRoles);
- }
- else if (((Collection<?>) getUserRolesProperty().getValue(user)).contains(roleToGrant))
- {
- return false;
- }
-
- if (getXrefEntityClass() == null)
- {
- // If this is a Many-To-Many relationship, simply add the role
- ((Collection<Object>) getUserRolesProperty().getValue(user)).add(roleToGrant);
- }
- else
- {
- // Otherwise we need to insert a cross-reference entity instance
- try
- {
- Object xref = getXrefEntityClass().newInstance();
- getXrefUserProperty().setValue(xref, user);
- getXrefRoleProperty().setValue(xref, roleToGrant);
-
- manager.fireEvent(new PrePersistUserRoleEvent(xref));
-
- ((Collection<Object>) getUserRolesProperty().getValue(user)).add(getEntityManager().merge(xref));
- }
- catch (Exception ex)
- {
- throw new IdentityManagementException("Error creating cross-reference role record.", ex);
- }
- }
-
- return true;
- }
-
- public boolean revokeRole(String username, String role)
- {
- Object user = lookupUser(username);
- if (user == null)
- {
- throw new NoSuchUserException("Could not revoke role, no such user '" + username + "'");
- }
-
- Object roleToRevoke = lookupRole(role);
- if (roleToRevoke == null)
- {
- throw new NoSuchRoleException("Could not revoke role, role '" + role + "' does not exist");
- }
-
- boolean success = false;
-
- if (getXrefEntityClass() == null)
- {
- success = ((Collection<?>) getUserRolesProperty().getValue(user)).remove(roleToRevoke);
- }
- else
- {
- Collection<?> roles = ((Collection<?>) getUserRolesProperty().getValue(user));
-
- for (Object xref : roles)
- {
- if (getXrefRoleProperty().getValue(xref).equals(roleToRevoke))
- {
- success = roles.remove(xref);
- break;
- }
- }
- }
-
- return success;
- }
-
- @SuppressWarnings("unchecked")
- public boolean addRoleToGroup(String role, String group)
- {
- if (!getRoleGroupsProperty().isSet()) return false;
-
- Object targetRole = lookupRole(role);
- if (targetRole == null)
- {
- throw new NoSuchUserException("Could not add role to group, no such role '" + role + "'");
- }
-
- Object targetGroup = lookupRole(group);
- if (targetGroup == null)
- {
- throw new NoSuchRoleException("Could not grant role, group '" + group + "' does not exist");
- }
-
- Collection<?> roleGroups = (Collection<?>) getRoleGroupsProperty().getValue(targetRole);
- if (roleGroups == null)
- {
- // This should either be a Set, or a List...
- Class<?> rawType = null;
- if (getRoleGroupsProperty().getPropertyType() instanceof ParameterizedType)
- {
- rawType = (Class<?>) ((ParameterizedType) getRoleGroupsProperty().getPropertyType()).getRawType();
- }
- else
- {
- return false;
- }
-
- if (Set.class.isAssignableFrom(rawType))
- {
- roleGroups = new HashSet<Object>();
- }
- else if (List.class.isAssignableFrom(rawType))
- {
- roleGroups = new ArrayList<Object>();
- }
-
- getRoleGroupsProperty().setValue(targetRole, roleGroups);
- }
- else if (((Collection<?>) getRoleGroupsProperty().getValue(targetRole)).contains(targetGroup))
- {
- return false;
- }
-
- ((Collection<Object>) getRoleGroupsProperty().getValue(targetRole)).add(targetGroup);
-
- return true;
- }
-
- public boolean removeRoleFromGroup(String role, String group)
- {
- if (!getRoleGroupsProperty().isSet()) return false;
-
- Object roleToRemove = lookupRole(role);
- if (role == null)
- {
- throw new NoSuchUserException("Could not remove role from group, no such role '" + role + "'");
- }
-
- Object targetGroup = lookupRole(group);
- if (targetGroup == null)
- {
- throw new NoSuchRoleException("Could not remove role from group, no such group '" + group + "'");
- }
-
- boolean success = ((Collection<?>) getRoleGroupsProperty().getValue(roleToRemove)).remove(targetGroup);
-
- return success;
- }
-
- public boolean createRole(String role)
- {
- try
- {
- if (getRoleEntityClass() == null)
- {
- throw new IdentityManagementException("Could not create role, roleClass not set");
- }
-
- if (roleExists(role))
- {
- throw new IdentityManagementException("Could not create role, already exists");
- }
-
- Object instance = getRoleEntityClass().newInstance();
- getRoleNameProperty().setValue(instance, role);
- getEntityManager().persist(instance);
-
- return true;
- }
- catch (Exception ex)
- {
- if (ex instanceof IdentityManagementException)
- {
- throw (IdentityManagementException) ex;
- }
- else
- {
- throw new IdentityManagementException("Could not create role", ex);
- }
- }
- }
-
- public boolean deleteRole(String role)
- {
- Object roleToDelete = lookupRole(role);
- if (roleToDelete == null)
- {
- throw new NoSuchRoleException("Could not delete role, role '" + role + "' does not exist");
- }
-
- if (getXrefEntityClass() != null)
- {
- getEntityManager().createQuery("delete " + getXrefEntityClass().getName() + " where role = :role")
- .setParameter("role", roleToDelete)
- .executeUpdate();
- }
- else
- {
- List<String> users = listUserMembers(role);
- for (String user : users)
- {
- revokeRole(user, role);
- }
- }
-
- List<String> roles = listRoleMembers(role);
- for (String r : roles)
- {
- removeRoleFromGroup(r, role);
- }
-
- getEntityManager().remove(roleToDelete);
- return true;
- }
-
- public boolean enableUser(String name)
- {
- if (!getUserEnabledProperty().isSet())
- {
- log.debug("Can not enable user, no @UserEnabled property configured in userClass " +
- getUserEntityClass().getName());
- return false;
- }
-
- Object user = lookupUser(name);
- if (user == null)
- {
- throw new NoSuchUserException("Could not enable user, user '" + name + "' does not exist");
- }
-
- // Can't enable an already-enabled user, return false
- if (((Boolean) getUserEnabledProperty().getValue(user)) == true)
- {
- return false;
- }
-
- getUserEnabledProperty().setValue(user, true);
- return true;
- }
-
- public boolean disableUser(String name)
- {
- if (!getUserEnabledProperty().isSet())
- {
- log.debug("Can not disable user, no @UserEnabled property configured in userClass " +
- getUserEntityClass().getName());
- return false;
- }
-
- Object user = lookupUser(name);
- if (user == null)
- {
- throw new NoSuchUserException("Could not disable user, user '" + name + "' does not exist");
- }
-
- // Can't disable an already-disabled user, return false
- if (((Boolean) getUserEnabledProperty().getValue(user)) == false)
- {
- return false;
- }
-
- getUserEnabledProperty().setValue(user, false);
- return true;
- }
-
- public boolean changePassword(String username, String password)
- {
- Object user = lookupUser(username);
- if (user == null)
- {
- throw new NoSuchUserException("Could not change password, user '" + username + "' does not exist");
- }
-
- setUserPassword(user, password);
-
- return true;
- }
-
- public boolean userExists(String name)
- {
- return lookupUser(name) != null;
- }
-
- public boolean roleExists(String name)
- {
- return lookupRole(name) != null;
- }
-
- public boolean isUserEnabled(String name)
- {
- Object user = lookupUser(name);
- return user != null && (!getUserEnabledProperty().isSet() ||
- (((Boolean) getUserEnabledProperty().getValue(user))) == true);
- }
-
- public List<String> getGrantedRoles(String name)
- {
- Object user = lookupUser(name);
- if (user == null)
- {
- throw new NoSuchUserException("No such user '" + name + "'");
- }
-
- List<String> roles = new ArrayList<String>();
-
- Collection<?> userRoles = (Collection<?>) getUserRolesProperty().getValue(user);
- if (userRoles != null)
- {
- for (Object role : userRoles)
- {
- if (getXrefEntityClass() == null)
- {
- roles.add((String) getRoleNameProperty().getValue(role));
- }
- else
- {
- Object xref = getRoleNameProperty().getValue(role);
- Object userRole = getXrefRoleProperty().getValue(xref);
- roles.add((String) getRoleNameProperty().getValue(userRole));
- }
- }
- }
-
- return roles;
- }
-
- public List<String> getRoleGroups(String name)
- {
- Object role = lookupRole(name);
- if (role == null)
- {
- throw new NoSuchUserException("No such role '" + name + "'");
- }
-
- List<String> groups = new ArrayList<String>();
-
- if (getRoleGroupsProperty().isSet())
- {
- Collection<?> roleGroups = (Collection<?>) getRoleGroupsProperty().getValue(role);
- if (roleGroups != null)
- {
- for (Object group : roleGroups)
- {
- groups.add((String) getRoleNameProperty().getValue(group));
- }
- }
- }
-
- return groups;
- }
-
- public List<String> getImpliedRoles(String name)
- {
- Object user = lookupUser(name);
- if (user == null)
- {
- throw new NoSuchUserException("No such user '" + name + "'");
- }
-
- Set<String> roles = new HashSet<String>();
- Collection<?> userRoles = (Collection<?>) getUserRolesProperty().getValue(user);
- if (userRoles != null)
- {
- for (Object role : userRoles)
- {
- addRoleAndMemberships((String) getRoleNameProperty().getValue(role), roles);
- }
- }
-
- return new ArrayList<String>(roles);
- }
-
- private void addRoleAndMemberships(String role, Set<String> roles)
- {
- if (roles.add(role))
- {
- Object instance = lookupRole(role);
-
- if (getRoleGroupsProperty().isSet())
- {
- Collection<?> groups = (Collection<?>) getRoleGroupsProperty().getValue(instance);
-
- if (groups != null)
- {
- for (Object group : groups)
- {
- addRoleAndMemberships((String) getRoleNameProperty().getValue(group), roles);
- }
- }
- }
- }
- }
-
- public String generatePasswordHash(String password, byte[] salt)
- {
- if (getPasswordSaltProperty().isSet())
- {
- try
- {
- return getPasswordHash().createPasswordKey(password.toCharArray(), salt,
- getUserPasswordProperty().getAnnotation().iterations());
- }
- catch (GeneralSecurityException ex)
- {
- throw new IdentityManagementException("Exception generating password hash", ex);
- }
- }
- else
- {
- return generatePasswordHash(password, new String(salt));
- }
- }
-
- /**
- *
- * @deprecated Use JpaIdentityStore.generatePasswordHash(String, byte[]) instead
- */
- @Deprecated
- protected String generatePasswordHash(String password, String salt)
- {
- String algorithm = getUserPasswordProperty().getAnnotation().hash();
-
- if (algorithm == null || "".equals(algorithm))
- {
- if (salt == null || "".equals(salt))
- {
- return getPasswordHash().generateHash(password);
- }
- else
- {
- return getPasswordHash().generateSaltedHash(password, salt);
- }
- }
- else if ("none".equalsIgnoreCase(algorithm))
- {
- return password;
- }
- else
- {
- if (salt == null || "".equals(salt))
- {
- return getPasswordHash().generateHash(password, algorithm);
- }
- else
- {
- return getPasswordHash().generateSaltedHash(password, salt, algorithm);
- }
- }
- }
-
- public boolean authenticate(String username, String password)
- {
- Object user = lookupUser(username);
- if (user == null || (getUserEnabledProperty().isSet() &&
- ((Boolean) getUserEnabledProperty().getValue(user) == false)))
- {
- return false;
- }
-
- String passwordHash = null;
-
- if (getPasswordSaltProperty().isSet())
- {
- String encodedSalt = (String) getPasswordSaltProperty().getValue(user);
- if (encodedSalt == null)
- {
- throw new IdentityManagementException("A @PasswordSalt property was found on entity " + user +
- ", but it contains no value");
- }
-
- passwordHash = generatePasswordHash(password, BinTools.hex2bin(encodedSalt));
- }
- else
- {
- passwordHash = generatePasswordHash(password, getUserAccountSalt(user));
- }
-
-
- boolean success = passwordHash.equals(getUserPasswordProperty().getValue(user));
-
- if (success)
- {
- manager.fireEvent(new UserAuthenticatedEvent(user));
- }
-
- return success;
- }
-
- public Object lookupUser(String username)
- {
- try
- {
- Object user = getEntityManager().createQuery(
- "select u from " + getUserEntityClass().getName() + " u where u." +
- getUserPrincipalProperty().getName() + " = :username")
- .setParameter("username", username)
- .getSingleResult();
-
- return user;
- }
- catch (NoResultException ex)
- {
- return null;
- }
- }
-
- public String getUserName(Object user)
- {
- return (String) getUserPrincipalProperty().getValue(user);
- }
-
- public String getRoleName(Object role)
- {
- return (String) getRoleNameProperty().getValue(role);
- }
-
- public boolean isRoleConditional(String role)
- {
- return getRoleConditionalProperty().isSet() ? (Boolean) getRoleConditionalProperty().getValue(
- lookupRole(role)) : false;
- }
-
- public Object lookupRole(String role)
- {
- try
- {
- Object value = getEntityManager().createQuery(
- "select r from " + getRoleEntityClass().getName() + " r where " + getRoleNameProperty().getName() +
- " = :role")
- .setParameter("role", role)
- .getSingleResult();
-
- return value;
- }
- catch (NoResultException ex)
- {
- return null;
- }
- }
-
- @SuppressWarnings("unchecked")
- public List<String> listUsers()
- {
- return getEntityManager().createQuery(
- "select u." + getUserPrincipalProperty().getName() + " from " +
- getUserEntityClass().getName() + " u")
- .getResultList();
- }
-
- @SuppressWarnings("unchecked")
- public List<String> listUsers(String filter)
- {
- return getEntityManager().createQuery(
- "select u." + getUserPrincipalProperty().getName() + " from " + getUserEntityClass().getName() +
- " u where lower(" + getUserPrincipalProperty().getName() + ") like :username")
- .setParameter("username", "%" + (filter != null ? filter.toLowerCase() : "") +
- "%")
- .getResultList();
- }
-
- @SuppressWarnings("unchecked")
- public List<String> listRoles()
- {
- return getEntityManager().createQuery(
- "select r." + getRoleNameProperty().getName() + " from " +
- getRoleEntityClass().getName() + " r").getResultList();
- }
-
- public List<Principal> listMembers(String role)
- {
- List<Principal> members = new ArrayList<Principal>();
-
- for (String user : listUserMembers(role))
- {
- members.add(new SimplePrincipal(user));
- }
-
- for (String roleName : listRoleMembers(role))
- {
- members.add(new Role(roleName));
- }
-
- return members;
- }
-
- @SuppressWarnings("unchecked")
- private List<String> listUserMembers(String role)
- {
- Object roleEntity = lookupRole(role);
-
- if (getXrefEntityClass() == null)
- {
- return getEntityManager().createQuery("select u." +
- getUserPrincipalProperty().getName() +
- " from " + getUserEntityClass().getName() + " u where :role member of u." +
- getUserRolesProperty().getName())
- .setParameter("role", roleEntity)
- .getResultList();
- }
- else
- {
- List<?> xrefs = getEntityManager().createQuery("select x from " +
- getXrefEntityClass().getName() + " x where x." +
- getXrefRoleProperty().getName() + " = :role")
- .setParameter("role", roleEntity)
- .getResultList();
-
- List<String> members = new ArrayList<String>();
-
- for (Object xref : xrefs)
- {
- Object user = getXrefUserProperty().getValue(xref);
- members.add(getUserPrincipalProperty().getValue(user).toString());
- }
-
- return members;
- }
-
- }
-
- @SuppressWarnings("unchecked")
- private List<String> listRoleMembers(String role)
- {
- if (getRoleGroupsProperty().isSet())
- {
- Object roleEntity = lookupRole(role);
-
- return getEntityManager().createQuery("select r." +
- getRoleNameProperty().getName() +
- " from " + getRoleEntityClass().getName() + " r where :role member of r." +
- getRoleGroupsProperty().getName())
- .setParameter("role", roleEntity)
- .getResultList();
- }
-
- return null;
- }
-
- @SuppressWarnings("unchecked")
- public List<String> listGrantableRoles()
- {
- StringBuilder roleQuery = new StringBuilder();
-
- roleQuery.append("select r.");
- roleQuery.append(getRoleNameProperty().getName());
- roleQuery.append(" from ");
- roleQuery.append(getRoleEntityClass().getName());
- roleQuery.append(" r");
-
- if (getRoleConditionalProperty().isSet())
- {
- roleQuery.append(" where r.");
- roleQuery.append(getRoleConditionalProperty().getName());
- roleQuery.append(" = false");
- }
-
- return getEntityManager().createQuery(roleQuery.toString()).getResultList();
- }
-
- protected EntityManager getEntityManager()
- {
- EntityManager em = entityManagerInstance.get();
- em.joinTransaction();
- return em;
- }
-
- protected PasswordHash getPasswordHash()
- {
- return passwordHashInstance.get();
- }
-
- public Class<?> getUserEntityClass()
- {
- return userEntityClass;
- }
-
- public void setUserEntityClass(Class<?> userEntityClass)
- {
- this.userEntityClass = userEntityClass;
- }
-
- public Class<?> getRoleEntityClass()
- {
- return roleEntityClass;
- }
-
- public void setRoleEntityClass(Class<?> roleEntityClass)
- {
- this.roleEntityClass = roleEntityClass;
- }
-
- public Class<?> getXrefEntityClass()
- {
- return xrefEntityClass;
- }
-
- public TypedBeanProperty getXrefUserProperty()
- {
- return xrefUserProperty;
- }
-
- public TypedBeanProperty getXrefRoleProperty()
- {
- return xrefRoleProperty;
- }
-
- public AnnotatedBeanProperty<UserPrincipal> getUserPrincipalProperty()
- {
- return userPrincipalProperty;
- }
-
- public AnnotatedBeanProperty<UserPassword> getUserPasswordProperty()
- {
- return userPasswordProperty;
- }
-
- public AnnotatedBeanProperty<PasswordSalt> getPasswordSaltProperty() {
- return passwordSaltProperty;
- }
-
- public AnnotatedBeanProperty<UserRoles> getUserRolesProperty() {
- return userRolesProperty;
- }
-
- public AnnotatedBeanProperty<UserEnabled> getUserEnabledProperty() {
- return userEnabledProperty;
- }
-
- public AnnotatedBeanProperty<UserFirstName> getUserFirstNameProperty() {
- return userFirstNameProperty;
- }
-
- public AnnotatedBeanProperty<UserLastName> getUserLastNameProperty() {
- return userLastNameProperty;
- }
-
- public AnnotatedBeanProperty<RoleName> getRoleNameProperty() {
- return roleNameProperty;
- }
-
- public AnnotatedBeanProperty<RoleGroups> getRoleGroupsProperty() {
- return roleGroupsProperty;
- }
-
- public AnnotatedBeanProperty<RoleConditional> getRoleConditionalProperty() {
- return roleConditionalProperty;
- }
-}
Deleted: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/LdapIdentityStore.java
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/LdapIdentityStore.java 2010-05-17 19:32:28 UTC (rev 12744)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/LdapIdentityStore.java 2010-05-17 23:01:09 UTC (rev 12745)
@@ -1,1265 +0,0 @@
-package org.jboss.seam.security.management;
-
-import java.io.Serializable;
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Properties;
-import java.util.Set;
-
-import javax.enterprise.context.ApplicationScoped;
-import javax.naming.Context;
-import javax.naming.NamingEnumeration;
-import javax.naming.NamingException;
-import javax.naming.directory.Attribute;
-import javax.naming.directory.Attributes;
-import javax.naming.directory.BasicAttribute;
-import javax.naming.directory.BasicAttributes;
-import javax.naming.directory.DirContext;
-import javax.naming.directory.ModificationItem;
-import javax.naming.directory.SearchControls;
-import javax.naming.directory.SearchResult;
-import javax.naming.ldap.InitialLdapContext;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * An IdentityStore implementation that integrates with a directory service.
- *
- * @author Shane Bryzak
- */
- at ApplicationScoped
-public class LdapIdentityStore implements IdentityStore, Serializable
-{
- private static final long serialVersionUID = 1854090869689846220L;
-
- // constants for LDAP syntax 1.3.6.1.4.1.1466.115.121.1.7 (boolean)
- private static final String LDAP_BOOLEAN_TRUE = "TRUE";
- private static final String LDAP_BOOLEAN_FALSE = "FALSE";
-
- private Logger log = LoggerFactory.getLogger(LdapIdentityStore.class);
-
- protected FeatureSet featureSet = new FeatureSet();
-
- private String serverAddress = "localhost";
-
- private int serverPort = 389;
-
- private String userContextDN = "ou=Person,dc=acme,dc=com";
-
- private String userDNPrefix = "uid=";
-
- private String userDNSuffix = ",ou=Person,dc=acme,dc=com";
-
- private String roleContextDN = "ou=Role,dc=acme,dc=com";
-
- private String roleDNPrefix = "cn=";
-
- private String roleDNSuffix = ",ou=Roles,dc=acme,dc=com";
-
- private String bindDN = "cn=Manager,dc=acme,dc=com";
-
- private String bindCredentials = "secret";
-
- private String userRoleAttribute = "roles";
-
- private boolean roleAttributeIsDN = true;
-
- private String userNameAttribute = "uid";
-
- private String userPasswordAttribute = "userPassword";
-
- private String firstNameAttribute = null;
-
- private String lastNameAttribute = "sn";
-
- private String fullNameAttribute = "cn";
-
- private String enabledAttribute = null;
-
- private String roleNameAttribute = "cn";
-
- private String objectClassAttribute = "objectClass";
-
- private String[] roleObjectClasses = { "organizationalRole" };
-
- private String[] userObjectClasses = { "person", "uidObject" };
-
- private int searchScope = SearchControls.SUBTREE_SCOPE;
-
- /**
- * Time limit for LDAP searches, in milliseconds
- */
- private int searchTimeLimit = 10000;
-
- public String getServerAddress()
- {
- return serverAddress;
- }
-
- public void setServerAddress(String serverAddress)
- {
- this.serverAddress = serverAddress;
- }
-
- public int getServerPort()
- {
- return serverPort;
- }
-
- public void setServerPort(int serverPort)
- {
- this.serverPort = serverPort;
- }
-
- public String getUserContextDN()
- {
- return userContextDN;
- }
-
- public void setUserContextDN(String userContextDN)
- {
- this.userContextDN = userContextDN;
- }
-
- public String getRoleContextDN()
- {
- return roleContextDN;
- }
-
- public void setRoleContextDN(String roleContextDN)
- {
- this.roleContextDN = roleContextDN;
- }
-
- public String getUserDNPrefix()
- {
- return userDNPrefix;
- }
-
- public void setUserDNPrefix(String value)
- {
- this.userDNPrefix = value;
- }
-
- public String getUserDNSuffix()
- {
- return userDNSuffix;
- }
-
- public void setUserDNSuffix(String value)
- {
- this.userDNSuffix = value;
- }
-
- public String getRoleDNPrefix()
- {
- return roleDNPrefix;
- }
-
- public void setRoleDNPrefix(String value)
- {
- this.roleDNPrefix = value;
- }
-
- public String getRoleDNSuffix()
- {
- return roleDNSuffix;
- }
-
- public void setRoleDNSuffix(String value)
- {
- this.roleDNSuffix = value;
- }
-
- public String getBindDN()
- {
- return bindDN;
- }
-
- public void setBindDN(String bindDN)
- {
- this.bindDN = bindDN;
- }
-
- public String getBindCredentials()
- {
- return bindCredentials;
- }
-
- public void setBindCredentials(String bindCredentials)
- {
- this.bindCredentials = bindCredentials;
- }
-
- public String getUserRoleAttribute()
- {
- return userRoleAttribute;
- }
-
- public void setUserRoleAttribute(String userRoleAttribute)
- {
- this.userRoleAttribute = userRoleAttribute;
- }
-
- public boolean getRoleAttributeIsDN()
- {
- return roleAttributeIsDN;
- }
-
- public void setRoleAttributeIsDN(boolean value)
- {
- this.roleAttributeIsDN = value;
- }
-
- public String getRoleNameAttribute()
- {
- return roleNameAttribute;
- }
-
- public void setRoleNameAttribute(String roleNameAttribute)
- {
- this.roleNameAttribute = roleNameAttribute;
- }
-
- public String getUserNameAttribute()
- {
- return userNameAttribute;
- }
-
- public void setUserNameAttribute(String userNameAttribute)
- {
- this.userNameAttribute = userNameAttribute;
- }
-
- public String getUserPasswordAttribute()
- {
- return userPasswordAttribute;
- }
-
- public void setUserPasswordAttribute(String userPasswordAttribute)
- {
- this.userPasswordAttribute = userPasswordAttribute;
- }
-
- public String getFirstNameAttribute()
- {
- return firstNameAttribute;
- }
-
- public void setFirstNameAttribute(String firstNameAttribute)
- {
- this.firstNameAttribute = firstNameAttribute;
- }
-
- public String getLastNameAttribute()
- {
- return lastNameAttribute;
- }
-
- public void setLastNameAttribute(String lastNameAttribute)
- {
- this.lastNameAttribute = lastNameAttribute;
- }
-
- public String getFullNameAttribute()
- {
- return fullNameAttribute;
- }
-
- public void setFullNameAttribute(String fullNameAttribute)
- {
- this.fullNameAttribute = fullNameAttribute;
- }
-
- public String getEnabledAttribute()
- {
- return enabledAttribute;
- }
-
- public void setEnabledAttribute(String enabledAttribute)
- {
- this.enabledAttribute = enabledAttribute;
- }
-
- public String getObjectClassAttribute()
- {
- return objectClassAttribute;
- }
-
- public void setObjectClassAttribute(String objectClassAttribute)
- {
- this.objectClassAttribute = objectClassAttribute;
- }
-
- public String[] getRoleObjectClasses()
- {
- return roleObjectClasses;
- }
-
- public void setRoleObjectClass(String[] roleObjectClasses)
- {
- this.roleObjectClasses = roleObjectClasses;
- }
-
- public String[] getUserObjectClasses()
- {
- return userObjectClasses;
- }
-
- public void setUserObjectClasses(String[] userObjectClasses)
- {
- this.userObjectClasses = userObjectClasses;
- }
-
- public int getSearchTimeLimit()
- {
- return searchTimeLimit;
- }
-
- public void setSearchTimeLimit(int searchTimeLimit)
- {
- this.searchTimeLimit = searchTimeLimit;
- }
-
- public String getSearchScope()
- {
- switch (searchScope)
- {
- case SearchControls.OBJECT_SCOPE: return "OBJECT_SCOPE";
- case SearchControls.ONELEVEL_SCOPE : return "ONELEVEL_SCOPE";
- case SearchControls.SUBTREE_SCOPE : return "SUBTREE_SCOPE";
- default: return "UNKNOWN";
- }
- }
-
- public void setSearchScope(String value)
- {
- if ("OBJECT_SCOPE".equals(value))
- {
- searchScope = SearchControls.OBJECT_SCOPE;
- }
- else if ("ONELEVEL_SCOPE".equals(value))
- {
- searchScope = SearchControls.ONELEVEL_SCOPE;
- }
- else
- {
- searchScope = SearchControls.SUBTREE_SCOPE;
- if (!"SUBTREE_SCOPE".equals(value))
- {
- log.warn("Invalid search scope specified (" + value + ") - search scope set to SUBTREE_SCOPE");
- }
- }
- }
-
- public Set<Feature> getFeatures()
- {
- return featureSet.getFeatures();
- }
-
- public void setFeatures(Set<Feature> features)
- {
- featureSet = new FeatureSet(features);
- }
-
- public boolean supportsFeature(Feature feature)
- {
- return featureSet.supports(feature);
- }
-
- protected InitialLdapContext initialiseContext()
- throws NamingException
- {
- return initialiseContext(getBindDN(), getBindCredentials());
- }
-
- protected InitialLdapContext initialiseContext(String principal, String credentials)
- throws NamingException
- {
- Properties env = new Properties();
-
- env.setProperty(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
- env.setProperty(Context.SECURITY_AUTHENTICATION, "simple");
-
- String providerUrl = String.format("ldap://%s:%d", getServerAddress(), getServerPort());
- env.setProperty(Context.PROVIDER_URL, providerUrl);
-
- env.setProperty(Context.SECURITY_PRINCIPAL, principal);
- env.setProperty(Context.SECURITY_CREDENTIALS, credentials);
-
- InitialLdapContext ctx = new InitialLdapContext(env, null);
- return ctx;
- }
-
- protected String getUserDN(String username)
- {
- return String.format("%s%s%s", getUserDNPrefix(), username, getUserDNSuffix());
- }
-
- protected String getRoleDN(String role)
- {
- return String.format("%s%s%s", getRoleDNPrefix(), role, getRoleDNSuffix());
- }
-
- public boolean authenticate(String username, String password)
- {
- final String securityPrincipal = getUserDN(username);
-
- InitialLdapContext ctx = null;
- try
- {
- ctx = initialiseContext(securityPrincipal, password);
-
- if (getEnabledAttribute() != null)
- {
- Attributes attribs = ctx.getAttributes(securityPrincipal, new String[] { getEnabledAttribute() });
- Attribute enabledAttrib = attribs.get( getEnabledAttribute() );
- if (enabledAttrib != null)
- {
- for (int r = 0; r < enabledAttrib.size(); r++)
- {
- Object value = enabledAttrib.get(r);
- if (LDAP_BOOLEAN_TRUE.equals(value)) return true;
- }
- }
- return false;
- }
-
- return true;
- }
- catch (NamingException ex)
- {
- throw new IdentityManagementException("Authentication error", ex);
- }
- finally
- {
- if (ctx != null)
- {
- try
- {
- ctx.close();
- }
- catch (NamingException ex) {}
- }
- }
- }
-
- public boolean changePassword(String name, String password)
- {
- InitialLdapContext ctx = null;
- try
- {
- ctx = initialiseContext();
-
- BasicAttribute passwordAttrib = new BasicAttribute(getUserPasswordAttribute(), password);
- ModificationItem mod = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, passwordAttrib);
- ctx.modifyAttributes(getUserDN(name), new ModificationItem[] { mod });
-
- return true;
- }
- catch (NamingException ex)
- {
- throw new IdentityManagementException("Failed to change password", ex);
- }
- finally
- {
- if (ctx != null)
- {
- try
- {
- ctx.close();
- }
- catch (NamingException ex) {}
- }
- }
- }
-
- public boolean createRole(String role)
- {
- InitialLdapContext ctx = null;
- try
- {
- ctx = initialiseContext();
-
- Attributes roleAttribs = new BasicAttributes();
-
- BasicAttribute roleClass = new BasicAttribute(getObjectClassAttribute());
- for (String objectClass : getRoleObjectClasses())
- {
- roleClass.add(objectClass);
- }
-
- roleAttribs.put(roleClass);
- roleAttribs.put(new BasicAttribute(getRoleNameAttribute(), role));
-
- String roleDN = getRoleDN(role);
- ctx.createSubcontext(roleDN, roleAttribs);
-
- return true;
- }
- catch (NamingException ex)
- {
- throw new IdentityManagementException("Failed to create role", ex);
- }
- finally
- {
- if (ctx != null)
- {
- try
- {
- ctx.close();
- }
- catch (NamingException ex) {}
- }
- }
- }
-
- public boolean createUser(String username, String password, String firstname, String lastname)
- {
- InitialLdapContext ctx = null;
- try
- {
- ctx = initialiseContext();
-
- Attributes userAttribs = new BasicAttributes();
-
- BasicAttribute userClass = new BasicAttribute(getObjectClassAttribute());
- for (String objectClass : getUserObjectClasses())
- {
- userClass.add(objectClass);
- }
-
- userAttribs.put(userClass);
- userAttribs.put(new BasicAttribute(getUserNameAttribute(), username));
- userAttribs.put(new BasicAttribute(getUserPasswordAttribute(), password));
-
- if (getFirstNameAttribute() != null && firstname != null)
- {
- userAttribs.put(new BasicAttribute(getFirstNameAttribute(), firstname));
- }
-
- if (getLastNameAttribute() != null && lastname != null)
- {
- userAttribs.put(new BasicAttribute(getLastNameAttribute(), lastname));
- }
-
- if (getFullNameAttribute() != null && firstname != null && lastname != null)
- {
- userAttribs.put(new BasicAttribute(getFullNameAttribute(), firstname + " " + lastname));
- }
-
- if (getEnabledAttribute() != null)
- {
- userAttribs.put(new BasicAttribute(getEnabledAttribute(), LDAP_BOOLEAN_TRUE));
- }
-
- String userDN = String.format("%s=%s,%s", getUserNameAttribute(), username, getUserContextDN() );
- ctx.createSubcontext(userDN, userAttribs);
-
- return true;
- }
- catch (NamingException ex)
- {
- throw new IdentityManagementException("Failed to create user", ex);
- }
- finally
- {
- if (ctx != null)
- {
- try
- {
- ctx.close();
- }
- catch (NamingException ex) {}
- }
- }
- }
-
- public boolean createUser(String username, String password)
- {
- return createUser(username, password, null, null);
- }
-
- public boolean deleteRole(String role)
- {
- InitialLdapContext ctx = null;
- try
- {
- ctx = initialiseContext();
-
- // Delete the role entry itself
- String roleDN = String.format("%s=%s,%s", getRoleNameAttribute(), role, getRoleContextDN() );
- ctx.destroySubcontext(roleDN);
-
- // Then delete all user attributes that point to this role
- int searchScope = SearchControls.SUBTREE_SCOPE;
- int searchTimeLimit = 10000;
-
- String[] roleAttr = { getUserRoleAttribute() };
-
- SearchControls controls = new SearchControls();
- controls.setSearchScope(searchScope);
- controls.setReturningAttributes(roleAttr);
- controls.setTimeLimit(searchTimeLimit);
-
- StringBuilder roleFilter = new StringBuilder();
- Object[] filterArgs = new Object[getUserObjectClasses().length + 1];
- filterArgs[0] = roleDN;
-
- roleFilter.append("(&(");
- roleFilter.append(getUserRoleAttribute());
- roleFilter.append("={0})");
-
- for (int i = 0; i < getUserObjectClasses().length; i++)
- {
- roleFilter.append("(");
- roleFilter.append(getObjectClassAttribute());
- roleFilter.append("={");
- roleFilter.append(i + 1);
- roleFilter.append("})");
- filterArgs[i + 1] = getUserObjectClasses()[i];
- }
-
- roleFilter.append(")");
-
- NamingEnumeration<?> answer = ctx.search(getUserContextDN(), roleFilter.toString(), filterArgs, controls);
- while (answer.hasMore())
- {
- SearchResult sr = (SearchResult) answer.next();
- Attributes attrs = sr.getAttributes();
- Attribute user = attrs.get( getUserRoleAttribute() );
- user.remove(roleDN);
- ctx.modifyAttributes(sr.getNameInNamespace(), new ModificationItem[] {
- new ModificationItem(DirContext.REPLACE_ATTRIBUTE, user)});
- }
- answer.close();
-
- return true;
- }
- catch (NamingException ex)
- {
- throw new IdentityManagementException("Failed to delete role", ex);
- }
- finally
- {
- if (ctx != null)
- {
- try
- {
- ctx.close();
- }
- catch (NamingException ex) {}
- }
- }
- }
-
- public boolean roleExists(String role)
- {
- InitialLdapContext ctx = null;
- try
- {
- ctx = initialiseContext();
-
- int searchScope = SearchControls.SUBTREE_SCOPE;
- int searchTimeLimit = 10000;
-
- String[] roleAttr = { getRoleNameAttribute() };
-
- SearchControls controls = new SearchControls();
- controls.setSearchScope(searchScope);
- controls.setReturningAttributes(roleAttr);
- controls.setTimeLimit(searchTimeLimit);
-
- String roleFilter = "(&(" + getObjectClassAttribute() + "={0})(" + getRoleNameAttribute() + "={1}))";
- Object[] filterArgs = { getRoleObjectClasses(), role};
-
- NamingEnumeration<?> answer = ctx.search(getRoleContextDN(), roleFilter, filterArgs, controls);
- while (answer.hasMore())
- {
- SearchResult sr = (SearchResult) answer.next();
- Attributes attrs = sr.getAttributes();
- Attribute user = attrs.get( getRoleNameAttribute() );
-
- for (int i = 0; i < user.size(); i++)
- {
- Object value = user.get(i);
- if (role.equals(value)) return true;
- }
- }
- answer.close();
-
- return false;
- }
- catch (NamingException ex)
- {
- throw new IdentityManagementException("Error getting roles", ex);
- }
- finally
- {
- if (ctx != null)
- {
- try
- {
- ctx.close();
- }
- catch (NamingException ex) {}
- }
- }
- }
-
- public boolean deleteUser(String name)
- {
- InitialLdapContext ctx = null;
- try
- {
- ctx = initialiseContext();
-
- String userDN = getUserDN(name);
- ctx.destroySubcontext(userDN);
- return true;
- }
- catch (NamingException ex)
- {
- throw new IdentityManagementException("Failed to delete user", ex);
- }
- finally
- {
- if (ctx != null)
- {
- try
- {
- ctx.close();
- }
- catch (NamingException ex) {}
- }
- }
- }
-
- public boolean isUserEnabled(String name)
- {
- if (getEnabledAttribute() == null) return true;
-
- InitialLdapContext ctx = null;
- try
- {
- ctx = initialiseContext();
-
- String userDN = getUserDN(name);
- Attributes attribs = ctx.getAttributes(userDN, new String[] { getEnabledAttribute() });
- Attribute enabledAttrib = attribs.get( getEnabledAttribute() );
- if (enabledAttrib != null)
- {
- for (int r = 0; r < enabledAttrib.size(); r++)
- {
- Object value = enabledAttrib.get(r);
- if (LDAP_BOOLEAN_TRUE.equals(value)) return true;
- }
- }
-
- return false;
- }
- catch (NamingException ex)
- {
- throw new IdentityManagementException("Failed to delete user", ex);
- }
- finally
- {
- if (ctx != null)
- {
- try
- {
- ctx.close();
- }
- catch (NamingException ex) {}
- }
- }
- }
-
- public boolean disableUser(String name)
- {
- if (getEnabledAttribute() == null) return false;
-
- InitialLdapContext ctx = null;
- try
- {
- ctx = initialiseContext();
-
- String userDN = getUserDN(name);
- BasicAttribute enabledAttrib = new BasicAttribute(getEnabledAttribute(), LDAP_BOOLEAN_FALSE);
- ModificationItem mod = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, enabledAttrib);
-
- ctx.modifyAttributes(userDN, new ModificationItem[] { mod });
- return true;
- }
- catch (NamingException ex)
- {
- throw new IdentityManagementException("Failed to disable user", ex);
- }
- finally
- {
- if (ctx != null)
- {
- try
- {
- ctx.close();
- }
- catch (NamingException ex) {}
- }
- }
- }
-
- public boolean enableUser(String name)
- {
- if (getEnabledAttribute() == null) return false;
-
- InitialLdapContext ctx = null;
- try
- {
- ctx = initialiseContext();
-
- String userDN = getUserDN(name);
- BasicAttribute enabledAttrib = new BasicAttribute(getEnabledAttribute(), LDAP_BOOLEAN_TRUE);
- ModificationItem mod = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, enabledAttrib);
-
- ctx.modifyAttributes(userDN, new ModificationItem[] { mod });
- return true;
- }
- catch (NamingException ex)
- {
- throw new IdentityManagementException("Failed to disable user", ex);
- }
- finally
- {
- if (ctx != null)
- {
- try
- {
- ctx.close();
- }
- catch (NamingException ex) {}
- }
- }
- }
-
- public List<String> getGrantedRoles(String name)
- {
- Set<String> userRoles = new HashSet<String>();
-
- InitialLdapContext ctx = null;
- try
- {
- ctx = initialiseContext();
-
- String userFilter = "(" + getUserNameAttribute() + "={0})";
- String[] roleAttr = { getUserRoleAttribute() };
-
- SearchControls controls = new SearchControls();
- controls.setSearchScope(searchScope);
- controls.setReturningAttributes(roleAttr);
- controls.setTimeLimit(getSearchTimeLimit());
- Object[] filterArgs = {name};
-
- NamingEnumeration<?> answer = ctx.search(getUserContextDN(), userFilter, filterArgs, controls);
- while (answer.hasMore())
- {
- SearchResult sr = (SearchResult) answer.next();
- Attributes attrs = sr.getAttributes();
- Attribute roles = attrs.get( getUserRoleAttribute() );
- if (roles != null)
- {
- for (int r = 0; r < roles.size(); r++)
- {
- Object value = roles.get(r);
- String roleName = null;
- if (getRoleAttributeIsDN() == true)
- {
- String roleDN = value.toString();
- String[] returnAttribute = {getRoleNameAttribute()};
- try
- {
- Attributes result2 = ctx.getAttributes(roleDN, returnAttribute);
- Attribute roles2 = result2.get(getRoleNameAttribute());
- if( roles2 != null )
- {
- for(int m = 0; m < roles2.size(); m ++)
- {
- roleName = (String) roles2.get(m);
- userRoles.add(roleName);
- }
- }
- }
- catch (NamingException ex)
- {
- throw new IdentityManagementException("Failed to query roles", ex);
- }
- }
- else
- {
- // The role attribute value is the role name
- roleName = value.toString();
- userRoles.add(roleName);
- }
- }
- }
- }
- answer.close();
-
- return new ArrayList<String>(userRoles);
- }
- catch (NamingException ex)
- {
- throw new IdentityManagementException("Error getting roles", ex);
- }
- finally
- {
- if (ctx != null)
- {
- try
- {
- ctx.close();
- }
- catch (NamingException ex) {}
- }
- }
- }
-
- public List<String> getImpliedRoles(String name)
- {
- return getGrantedRoles(name);
- }
-
- public boolean grantRole(String name, String role)
- {
- InitialLdapContext ctx = null;
- try
- {
- ctx = initialiseContext();
-
- String userDN = getUserDN(name);
-
- BasicAttribute roleAttrib = new BasicAttribute(getUserRoleAttribute(),
- getRoleAttributeIsDN() ? getRoleDN(role) : role);
- ModificationItem mod = new ModificationItem(DirContext.ADD_ATTRIBUTE, roleAttrib);
-
- ctx.modifyAttributes(userDN, new ModificationItem[] { mod });
- return true;
- }
- catch (NamingException ex)
- {
- throw new IdentityManagementException("Failed to grant role", ex);
- }
- finally
- {
- if (ctx != null)
- {
- try
- {
- ctx.close();
- }
- catch (NamingException ex) {}
- }
- }
- }
-
- public boolean revokeRole(String name, String role)
- {
- InitialLdapContext ctx = null;
- try
- {
- ctx = initialiseContext();
- String userDN = getUserDN(name);
-
- Attributes roleAttribs = ctx.getAttributes(userDN, new String[] { getUserRoleAttribute() });
- Attribute roleAttrib = roleAttribs.get( getUserRoleAttribute() );
- if (roleAttrib != null)
- {
- boolean modified = false;
- for (int i = roleAttrib.size() - 1; i >= 0; i--)
- {
- if (getRoleAttributeIsDN())
- {
- Attributes attribs = ctx.getAttributes((String) roleAttrib.get(i),
- new String[] { getRoleNameAttribute() });
- Attribute roleNameAttrib = attribs.get( getRoleNameAttribute() );
- for (int j = 0; j < roleNameAttrib.size(); j++)
- {
- if (role.equals(roleNameAttrib.get(j)))
- {
- modified = true;
- roleAttrib.remove(i);
- }
- }
- }
- else if (role.equals(roleAttrib.get(i)))
- {
- modified = true;
- roleAttrib.remove(i);
- }
- }
-
- if (modified)
- {
- ModificationItem mod = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, roleAttrib);
- ctx.modifyAttributes(userDN, new ModificationItem[] { mod });
- }
- }
- }
- catch (NamingException ex)
- {
- throw new IdentityManagementException("Failed to grant role", ex);
- }
- finally
- {
- if (ctx != null)
- {
- try
- {
- ctx.close();
- }
- catch (NamingException ex) {}
- }
- }
-
- return false;
- }
-
- public List<String> listRoles()
- {
- List<String> roles = new ArrayList<String>();
-
- InitialLdapContext ctx = null;
- try
- {
- ctx = initialiseContext();
-
- String[] roleAttr = { getRoleNameAttribute() };
-
- SearchControls controls = new SearchControls();
- controls.setSearchScope(searchScope);
- controls.setReturningAttributes(roleAttr);
- controls.setTimeLimit(getSearchTimeLimit());
-
- StringBuilder roleFilter = new StringBuilder();
-
- Object[] filterArgs = new Object[getRoleObjectClasses().length];
- for (int i = 0; i < getRoleObjectClasses().length; i++)
- {
- roleFilter.append("(");
- roleFilter.append(getObjectClassAttribute());
- roleFilter.append("={");
- roleFilter.append(i);
- roleFilter.append("})");
- filterArgs[i] = getRoleObjectClasses()[i];
- }
-
- NamingEnumeration<?> answer = ctx.search( getRoleContextDN(), roleFilter.toString(),
- filterArgs, controls);
- while (answer.hasMore())
- {
- SearchResult sr = (SearchResult) answer.next();
- Attributes attrs = sr.getAttributes();
- Attribute user = attrs.get( getRoleNameAttribute() );
-
- for (int i = 0; i < user.size(); i++)
- {
- Object value = user.get(i);
- roles.add(value.toString());
- }
- }
- answer.close();
- return roles;
- }
- catch (NamingException ex)
- {
- throw new IdentityManagementException("Error getting roles", ex);
- }
- finally
- {
- if (ctx != null)
- {
- try
- {
- ctx.close();
- }
- catch (NamingException ex) {}
- }
- }
- }
-
-
- public List<String> listGrantableRoles()
- {
- return listRoles();
- }
-
- public List<String> listUsers()
- {
- return listUsers(null);
- }
-
- public List<String> listUsers(String filter)
- {
- List<String> users = new ArrayList<String>();
-
- InitialLdapContext ctx = null;
- try
- {
- ctx = initialiseContext();
-
- String[] userAttr = {getUserNameAttribute()};
-
- SearchControls controls = new SearchControls();
- controls.setSearchScope(searchScope);
- controls.setReturningAttributes(userAttr);
- controls.setTimeLimit(getSearchTimeLimit());
-
- StringBuilder userFilter = new StringBuilder("(&");
-
- Object[] filterArgs = new Object[getUserObjectClasses().length];
- for (int i = 0; i < getUserObjectClasses().length; i++)
- {
- userFilter.append("(");
- userFilter.append(getObjectClassAttribute());
- userFilter.append("={");
- userFilter.append(i);
- userFilter.append("})");
- filterArgs[i] = getUserObjectClasses()[i];
- }
-
- userFilter.append(")");
-
- NamingEnumeration<?> answer = ctx.search(getUserContextDN(), userFilter.toString(), filterArgs, controls);
- while (answer.hasMore())
- {
- SearchResult sr = (SearchResult) answer.next();
- Attributes attrs = sr.getAttributes();
- Attribute user = attrs.get(getUserNameAttribute());
-
- for (int i = 0; i < user.size(); i++)
- {
- Object value = user.get(i);
-
- if (filter != null)
- {
- if (value.toString().toLowerCase().contains(filter.toLowerCase()))
- {
- users.add(value.toString());
- }
- }
- else
- {
- users.add(value.toString());
- }
- }
- }
- answer.close();
- return users;
- }
- catch (NamingException ex)
- {
- throw new IdentityManagementException("Error getting users", ex);
- }
- finally
- {
- if (ctx != null)
- {
- try
- {
- ctx.close();
- }
- catch (NamingException ex) {}
- }
- }
- }
-
- public boolean userExists(String name)
- {
- InitialLdapContext ctx = null;
- try
- {
- ctx = initialiseContext();
-
- String[] userAttr = {getUserNameAttribute()};
-
- SearchControls controls = new SearchControls();
- controls.setSearchScope(searchScope);
- controls.setReturningAttributes(userAttr);
- controls.setTimeLimit(getSearchTimeLimit());
-
- StringBuilder userFilter = new StringBuilder();
-
- Object[] filterArgs = new Object[getUserObjectClasses().length];
- for (int i = 0; i < getUserObjectClasses().length; i++)
- {
- userFilter.append("(");
- userFilter.append(getObjectClassAttribute());
- userFilter.append("={");
- userFilter.append(i);
- userFilter.append("})");
- filterArgs[i] = getUserObjectClasses()[i];
- }
-
- NamingEnumeration<?> answer = ctx.search(getUserContextDN(), userFilter.toString(), filterArgs, controls);
- while (answer.hasMore())
- {
- SearchResult sr = (SearchResult) answer.next();
- Attributes attrs = sr.getAttributes();
- Attribute user = attrs.get(getUserNameAttribute());
-
- for (int i = 0; i < user.size(); i++)
- {
- Object value = user.get(i);
- if (name.equals(value))
- {
- answer.close();
- return true;
- }
- }
- }
- answer.close();
- return false;
- }
- catch (NamingException ex)
- {
- throw new IdentityManagementException("Error getting users", ex);
- }
- finally
- {
- if (ctx != null)
- {
- try
- {
- ctx.close();
- }
- catch (NamingException ex) {}
- }
- }
- }
-
- public List<String> getRoleGroups(String name)
- {
- // TODO Auto-generated method stub
- return null;
- }
-
- public List<Principal> listMembers(String role)
- {
- // TODO implement
- return null;
- }
-
- public boolean addRoleToGroup(String role, String group)
- {
- // TODO Auto-generated method stub
- return false;
- }
-
- public boolean removeRoleFromGroup(String role, String group)
- {
- // TODO Auto-generated method stub
- return false;
- }
-}
Deleted: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/PicketLinkIdentityStore.java
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/PicketLinkIdentityStore.java 2010-05-17 19:32:28 UTC (rev 12744)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/PicketLinkIdentityStore.java 2010-05-17 23:01:09 UTC (rev 12745)
@@ -1,160 +0,0 @@
-package org.jboss.seam.security.management;
-
-import java.security.Principal;
-import java.util.List;
-
-public class PicketLinkIdentityStore implements IdentityStore
-{
-
- public boolean addRoleToGroup(String role, String group)
- {
- // TODO Auto-generated method stub
- return false;
- }
-
- public boolean authenticate(String username, String password)
- {
- // TODO Auto-generated method stub
- return false;
- }
-
- public boolean changePassword(String name, String password)
- {
- // TODO Auto-generated method stub
- return false;
- }
-
- public boolean createRole(String role)
- {
- // TODO Auto-generated method stub
- return false;
- }
-
- public boolean createUser(String username, String password)
- {
- // TODO Auto-generated method stub
- return false;
- }
-
- public boolean createUser(String username, String password,
- String firstname, String lastname)
- {
- // TODO Auto-generated method stub
- return false;
- }
-
- public boolean deleteRole(String role)
- {
- // TODO Auto-generated method stub
- return false;
- }
-
- public boolean deleteUser(String name)
- {
- // TODO Auto-generated method stub
- return false;
- }
-
- public boolean disableUser(String name)
- {
- // TODO Auto-generated method stub
- return false;
- }
-
- public boolean enableUser(String name)
- {
- // TODO Auto-generated method stub
- return false;
- }
-
- public List<String> getGrantedRoles(String name)
- {
- // TODO Auto-generated method stub
- return null;
- }
-
- public List<String> getImpliedRoles(String name)
- {
- // TODO Auto-generated method stub
- return null;
- }
-
- public List<String> getRoleGroups(String name)
- {
- // TODO Auto-generated method stub
- return null;
- }
-
- public boolean grantRole(String name, String role)
- {
- // TODO Auto-generated method stub
- return false;
- }
-
- public boolean isUserEnabled(String name)
- {
- // TODO Auto-generated method stub
- return false;
- }
-
- public List<String> listGrantableRoles()
- {
- // TODO Auto-generated method stub
- return null;
- }
-
- public List<Principal> listMembers(String role)
- {
- // TODO Auto-generated method stub
- return null;
- }
-
- public List<String> listRoles()
- {
- // TODO Auto-generated method stub
- return null;
- }
-
- public List<String> listUsers()
- {
- // TODO Auto-generated method stub
- return null;
- }
-
- public List<String> listUsers(String filter)
- {
- // TODO Auto-generated method stub
- return null;
- }
-
- public boolean removeRoleFromGroup(String role, String group)
- {
- // TODO Auto-generated method stub
- return false;
- }
-
- public boolean revokeRole(String name, String role)
- {
- // TODO Auto-generated method stub
- return false;
- }
-
- public boolean roleExists(String name)
- {
- // TODO Auto-generated method stub
- return false;
- }
-
- public boolean supportsFeature(Feature feature)
- {
- // TODO Auto-generated method stub
- return false;
- }
-
- public boolean userExists(String name)
- {
- // TODO Auto-generated method stub
- return false;
- }
-
-}
Modified: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/action/RoleAction.java
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/action/RoleAction.java 2010-05-17 19:32:28 UTC (rev 12744)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/action/RoleAction.java 2010-05-17 23:01:09 UTC (rev 12745)
@@ -19,7 +19,6 @@
private String originalRole;
private String role;
- private List<String> groups;
@Inject IdentityManager identityManager;
@Inject Conversation conversation;
@@ -27,7 +26,6 @@
public void createRole()
{
conversation.begin();
- groups = new ArrayList<String>();
}
public void editRole(String role)
@@ -36,14 +34,13 @@
this.originalRole = role;
this.role = role;
- groups = identityManager.getRoleGroups(role);
}
public String save()
{
if (role != null && originalRole != null && !role.equals(originalRole))
{
- identityManager.deleteRole(originalRole);
+ //identityManager.deleteRole(originalRole);
}
if (identityManager.roleExists(role))
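Review bot: With `identityManager.deleteRole(originalRole)` commented out, a rename in `save()` now leaves the original role in place and falls through to `roleExists(role)` as if the rename had happened, so the old role and everything granted through it silently survive while the UI reports success. Until the delete is rewritten I would make the rename fail explicitly rather than half-succeed, e.g. replace the commented line with `throw new UnsupportedOperationException("role rename is not supported until deleteRole is reimplemented");` or return `"failure"` from that branch. The rest of `save()` continues outside this hunk.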
@@ -58,9 +55,10 @@
private String saveNewRole()
{
- boolean success = identityManager.createRole(role);
+ // TODO rewrite
+ //boolean success = identityManager.createRole(role);
- if (success)
+ /*if (success)
{
for (String r : groups)
{
@@ -68,14 +66,15 @@
}
conversation.end();
- }
+ }*/
return "success";
}
private String saveExistingRole()
{
- List<String> grantedRoles = identityManager.getRoleGroups(role);
+ // TODO rewrite
+ /*List<String> grantedRoles = identityManager.getRoleGroups(role);
if (grantedRoles != null)
{
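Review bot: `saveNewRole()` now reaches its `return "success";` without having created anything, because `identityManager.createRole(role)` and the group assignment above it are commented out, so an administrator submitting the form is told the role exists when no store was touched; `saveExistingRole()` has the same shape, with its reconciliation block commented out and `conversation.end(); return "success";` following in the next hunk. Until the PicketLink rewrite lands I would make the stubbed paths fail loudly — `throw new UnsupportedOperationException("role management is not yet implemented");` in place of each commented block — so nothing in the UI can appear to have created or changed a role that does not exist. `saveExistingRole()` starts in this hunk but ends outside it.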
@@ -88,7 +87,7 @@
for (String r : groups)
{
if (grantedRoles == null || !grantedRoles.contains(r)) identityManager.addRoleToGroup(role, r);
- }
+ }*/
conversation.end();
return "success";
@@ -111,13 +110,4 @@
this.role = role;
}
- public List<String> getGroups()
- {
- return groups;
- }
-
- public void setGroups(List<String> groups)
- {
- this.groups = groups;
- }
}
\ No newline at end of file
Modified: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/action/UserAction.java
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/action/UserAction.java 2010-05-17 19:32:28 UTC (rev 12744)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/action/UserAction.java 2010-05-17 23:01:09 UTC (rev 12745)
@@ -10,6 +10,7 @@
import javax.inject.Named;
import org.jboss.seam.security.management.IdentityManager;
+import org.picketlink.idm.api.Role;
/**
* A conversation-scoped component for creating and managing user accounts
@@ -27,7 +28,7 @@
private String username;
private String password;
private String confirm;
- private List<String> roles;
+ private List<Role> roles;
private boolean enabled;
private boolean newUserFlag;
@@ -38,7 +39,7 @@
public void createUser()
{
conversation.begin();
- roles = new ArrayList<String>();
+ roles = new ArrayList<Role>();
newUserFlag = true;
}
@@ -46,7 +47,7 @@
{
conversation.begin();
this.username = username;
- roles = identityManager.getGrantedRoles(username);
+ //roles = identityManager.getGrantedRoles(username);
enabled = identityManager.isUserEnabled(username);
newUserFlag = false;
}
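Review bot: `roles` is no longer populated in `editUser()` now that `roles = identityManager.getGrantedRoles(username);` is commented out, and nothing else on the edit path initialises it, so `save()` for an existing user (a later hunk in this file) will dereference a null list — or, if the form binds an empty list through `setRoles`, treat every currently granted role as deselected and revoke it. A later hunk in this same file already assigns `identityManager.getGrantedRoles(username)` to a `List<Role>`, so the original line looks like it compiles as-is after the field's type change: `roles = identityManager.getGrantedRoles(username);`. If that call genuinely is not ready, I would fail the edit path rather than leave the field null, since an empty list on save would strip the user's roles.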
@@ -72,14 +73,14 @@
return "failure";
}
- boolean success = identityManager.createUser(username, password, firstname, lastname);
+ boolean success = identityManager.createUser(username, password);
if (success)
{
- for (String role : roles)
+ /*for (String role : roles)
{
identityManager.grantRole(username, role);
- }
+ }*/
if (!enabled)
{
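Review bot: The grant loop after `createUser` is commented out while `success` still drives the rest of the method, so roles selected for a new user are silently discarded — and `firstname`/`lastname` are no longer passed to the store either — yet the caller sees the same success outcome as before. A later hunk in this file already grants with the new three-argument form, so the loop can be restored now as `for (Role role : roles) { identityManager.grantRole(username, role.getRoleType().getName(), role.getGroup()); }` rather than left as a comment. The enclosing `save()` continues outside this hunk.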
@@ -111,21 +112,22 @@
}
}
- List<String> grantedRoles = identityManager.getGrantedRoles(username);
+ List<Role> grantedRoles = identityManager.getGrantedRoles(username);
if (grantedRoles != null)
{
- for (String role : grantedRoles)
+ for (Role role : grantedRoles)
{
- if (!roles.contains(role)) identityManager.revokeRole(username, role);
+ if (!roles.contains(role)) identityManager.revokeRole(username,
+ role.getRoleType().getName(), role.getGroup());
}
}
- for (String role : roles)
+ for (Role role : roles)
{
if (grantedRoles == null || !grantedRoles.contains(role))
{
- identityManager.grantRole(username, role);
+ identityManager.grantRole(username, role.getRoleType().getName(), role.getGroup());
}
}
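Review bot: The revoke/grant reconciliation keys on `grantedRoles.contains(role)` and `roles.contains(role)`, which now means `equals` on `org.picketlink.idm.api.Role` objects; whether the implementations behind that interface define value equality is not visible here, and if they compare by identity every save will revoke and re-grant all of a user's roles, leaving the user with fewer roles than before should `revokeRole` fail midway. Comparing by role type name and group explicitly — a small private helper along the lines of `sameRole(Role a, Role b)` that compares `a.getRoleType().getName()` with `b.getRoleType().getName()` and the two groups — would make the diff independent of `equals`. `roles` is also dereferenced without the null guard that `grantedRoles` gets. `save()` starts and ends outside this hunk.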
@@ -192,12 +194,12 @@
this.confirm = confirm;
}
- public List<String> getRoles()
+ public List<Role> getRoles()
{
return roles;
}
- public void setRoles(List<String> roles)
+ public void setRoles(List<Role> roles)
{
this.roles = roles;
}
Modified: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/action/UserSearch.java
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/action/UserSearch.java 2010-05-17 19:32:28 UTC (rev 12744)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/action/UserSearch.java 2010-05-17 23:01:09 UTC (rev 12745)
@@ -29,16 +29,17 @@
public String getUserRoles(String username)
{
- List<String> roles = identityManager.getGrantedRoles(username);
+ // TODO rewrite
+ //List<String> roles = identityManager.getGrantedRoles(username);
- if (roles == null) return "";
+ //if (roles == null) return "";
StringBuilder sb = new StringBuilder();
- for (String role : roles)
- {
- sb.append((sb.length() > 0 ? ", " : "") + role);
- }
+ //for (String role : roles)
+ //{
+ // sb.append((sb.length() > 0 ? ", " : "") + role);
+ //}
return sb.toString();
}
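Review bot: `getUserRoles()` now returns an empty string for every user, so the search listing shows nobody as holding any role while the underlying grants are unchanged — an admin screen that under-reports privileges is worse than one that fails visibly. A later hunk in this commit assigns `identityManager.getGrantedRoles(username)` to a `List<Role>`, so the join can be rewritten against that type now (importing `org.picketlink.idm.api.Role` as `UserAction` does) instead of being left commented out; if that is not yet possible, the method should throw rather than return `""`.

```java
List<Role> roles = identityManager.getGrantedRoles(username);
if (roles == null) return "";

StringBuilder sb = new StringBuilder();
for (Role role : roles)
{
   sb.append((sb.length() > 0 ? ", " : "") + role.getRoleType().getName());
}
return sb.toString();
```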
Added: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/picketlink/IdentityConfigurationMetaDataProducer.java
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/picketlink/IdentityConfigurationMetaDataProducer.java (rev 0)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/picketlink/IdentityConfigurationMetaDataProducer.java 2010-05-17 23:01:09 UTC (rev 12745)
@@ -0,0 +1,22 @@
+package org.jboss.seam.security.management.picketlink;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.enterprise.inject.Produces;
+
+import org.picketlink.idm.impl.configuration.metadata.IdentityConfigurationMetaDataImpl;
+import org.picketlink.idm.spi.configuration.metadata.IdentityConfigurationMetaData;
+
+/**
+ * Produces the configuration metadata for PicketLink IDM
+ *
+ * @author Shane Bryzak
+ */
+ at ApplicationScoped
+public class IdentityConfigurationMetaDataProducer
+{
+ @Produces @ApplicationScoped IdentityConfigurationMetaData createConfig()
+ {
+ // TODO needs actual configuration, realms, identity stores, etc
+ return new IdentityConfigurationMetaDataImpl();
+ }
+}
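Review bot: The producer hands out a bare `new IdentityConfigurationMetaDataImpl()` with no realms or identity stores, application-scoped, so a deployment that does not override it gets an identity layer configured with nothing — and the `IdentitySessionFactoryImpl(config, null)` built from it in `IdentitySessionProducer` (same commit) will run on that empty configuration. Until real configuration exists I would fail fast rather than return an empty object, e.g. `throw new IllegalStateException("PicketLink IDM configuration has not been provided");`, or at minimum log a warning that an unconfigured metadata object is being produced. The class Javadoc should also state that this is a placeholder and how an application is expected to supply its own `IdentityConfigurationMetaData`.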
Added: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/picketlink/IdentitySessionProducer.java
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/picketlink/IdentitySessionProducer.java (rev 0)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/picketlink/IdentitySessionProducer.java 2010-05-17 23:01:09 UTC (rev 12745)
@@ -0,0 +1,49 @@
+package org.jboss.seam.security.management.picketlink;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.enterprise.context.RequestScoped;
+import javax.enterprise.inject.Produces;
+import javax.inject.Inject;
+
+import org.picketlink.idm.api.IdentitySession;
+import org.picketlink.idm.api.IdentitySessionFactory;
+import org.picketlink.idm.common.exception.IdentityException;
+import org.picketlink.idm.impl.api.IdentitySessionFactoryImpl;
+import org.picketlink.idm.spi.configuration.metadata.IdentityConfigurationMetaData;
+
+/**
+ * Produces IdentitySession instances for identity management-related operations
+ *
+ * @author Shane Bryzak
+ */
+ at ApplicationScoped
+public class IdentitySessionProducer
+{
+ private IdentitySessionFactory factory;
+
+ private String defaultRealm;
+
+ @Inject IdentityConfigurationMetaData config;
+
+ @Inject
+ public void init()
+ {
+ factory = new IdentitySessionFactoryImpl(config, null);
+ }
+
+ @Produces @RequestScoped IdentitySession createIdentitySession()
+ throws IdentityException
+ {
+ return factory.createIdentitySession(getDefaultRealm());
+ }
+
+ public String getDefaultRealm()
+ {
+ return defaultRealm;
+ }
+
+ public void setDefaultRealm(String defaultRealm)
+ {
+ this.defaultRealm = defaultRealm;
+ }
+}
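Review bot: `defaultRealm` is never initialised here — it is neither injected nor assigned in `init()` — so `createIdentitySession(getDefaultRealm())` is called with `null` on every request, and the only way to set it is the public `setDefaultRealm` on an `@ApplicationScoped` bean, i.e. mutable shared state that any caller can change for all subsequent requests with no synchronisation. I would source the realm from configuration at `init()` time, guard it with `Objects.requireNonNull(defaultRealm, "defaultRealm")` before the factory is first used, and drop or restrict the setter. The second argument in `new IdentitySessionFactoryImpl(config, null)` deserves a comment naming what is being left null and why. There is also no `@Disposes` counterpart for the `@RequestScoped` session, so if `IdentitySession` holds a store connection it is never closed — worth confirming against the PicketLink API.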
Copied: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/picketlink/PicketLinkIdentityStore.java (from rev 12734, modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/PicketLinkIdentityStore.java)
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/picketlink/PicketLinkIdentityStore.java (rev 0)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/management/picketlink/PicketLinkIdentityStore.java 2010-05-17 23:01:09 UTC (rev 12745)
@@ -0,0 +1,254 @@
+package org.jboss.seam.security.management.picketlink;
+
+import java.util.List;
+
+import javax.enterprise.context.Dependent;
+import javax.inject.Inject;
+
+import org.jboss.seam.security.management.IdentityStore;
+import org.picketlink.idm.api.Group;
+import org.picketlink.idm.api.IdentitySession;
+import org.picketlink.idm.api.IdentityType;
+import org.picketlink.idm.api.PersistenceManager;
+import org.picketlink.idm.api.Role;
+
+ at Dependent
+public class PicketLinkIdentityStore implements IdentityStore
+{
+ @Inject IdentitySession identitySession;
+
+ public boolean createGroup(String name)
+ {
+ // TODO Auto-generated method stub
+ PersistenceManager pm = identitySession.getPersistenceManager();
+
+ return false;
+ }
+
+
+
+ public boolean addUserToGroup(String username, Group group)
+ {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+
+
+ public boolean authenticate(String username, String password)
+ {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+
+
+ public boolean changePassword(String username, String password)
+ {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+
+
+ public boolean createGroup(String name, String groupType)
+ {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+
+
+ public boolean createRoleType(String roleType)
+ {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+
+
+ public boolean createUser(String username, String password)
+ {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+
+
+ public boolean createUser(String username, String password,
+ String firstname, String lastname)
+ {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+
+
+ public boolean deleteGroup(String name, String groupType)
+ {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+
+
+ public boolean deleteRoleType(String roleType)
+ {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+
+
+ public boolean deleteUser(String username)
+ {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+
+
+ public boolean disableUser(String username)
+ {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+
+
+ public boolean enableUser(String username)
+ {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+
+
+ public Group findGroup(String name, String groupType)
+ {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+
+
+ public List<String> findUsers()
+ {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+
+
+ public List<String> findUsers(String filter)
+ {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+
+
+ public boolean grantRole(String username, String roleType, Group group)
+ {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+
+
+ public boolean isUserEnabled(String username)
+ {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+
+
+ public List<String> listGrantableRoleTypes()
+ {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+
+
+ public List<Role> listGrantedRoles(String username)
+ {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+
+
+ public List<IdentityType> listGroupMembers(Group group)
+ {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+
+
+ public List<Role> listImpliedRoles(String username)
+ {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+
+
+ public List<IdentityType> listRoleMembers(String roleType, Group group)
+ {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+
+
+ public List<String> listRoleTypes()
+ {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+
+
+ public boolean removeUserFromGroup(String username, Group group)
+ {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+
+
+ public boolean revokeRole(String username, String roleType, Group group)
+ {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+
+
+ public boolean roleTypeExists(String roleType)
+ {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+
+
+ public boolean supportsFeature(Feature feature)
+ {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+
+
+ public boolean userExists(String username)
+ {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+
+}
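Review bot: Every method here is a stub, and because the mutators return `false` and the lookups return `null` rather than failing, wiring this `@Dependent` store in by mistake yields an identity layer where `userExists`/`roleTypeExists` say no, `listGrantedRoles` hands `null` to callers that iterate it, and `createUser`/`grantRole` silently do nothing behind a boolean. `authenticate` returning `false` is the right fail-closed default and should stay; for the rest I would `throw new UnsupportedOperationException("PicketLinkIdentityStore is not yet implemented");` so the stub cannot be deployed as a working store, and have the list methods return `Collections.emptyList()` once implemented rather than `null`. The unused `PersistenceManager pm` in `createGroup(String)` and the absent `@Override` annotations would both be flagged by Error Prone, and `@Override` would surface any future `IdentityStore` signature drift at compile time.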
Modified: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/JpaPermissionStore.java
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/JpaPermissionStore.java 2010-05-17 19:32:28 UTC (rev 12744)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/JpaPermissionStore.java 2010-05-17 23:01:09 UTC (rev 12745)
@@ -16,15 +16,14 @@
import javax.persistence.EntityManager;
import javax.persistence.Query;
-import org.jboss.seam.security.Role;
+import org.jboss.seam.security.RoleImpl;
import org.jboss.seam.security.annotations.permission.PermissionAction;
import org.jboss.seam.security.annotations.permission.PermissionDiscriminator;
import org.jboss.seam.security.annotations.permission.PermissionRole;
import org.jboss.seam.security.annotations.permission.PermissionTarget;
import org.jboss.seam.security.annotations.permission.PermissionUser;
import org.jboss.seam.security.management.IdentityManager;
-import org.jboss.seam.security.management.JpaIdentityStore;
-import org.jboss.seam.security.management.LdapIdentityStore;
+//import org.jboss.seam.security.management.JpaIdentityStore;
import org.jboss.seam.security.permission.PermissionMetadata.ActionSet;
import org.jboss.seam.security.util.AnnotatedBeanProperty;
import org.slf4j.Logger;
@@ -40,7 +39,7 @@
{
private static final long serialVersionUID = 4764590939669047915L;
- private Logger log = LoggerFactory.getLogger(LdapIdentityStore.class);
+ private Logger log = LoggerFactory.getLogger(JpaPermissionStore.class);
protected enum Discrimination { user, role, either }
@@ -266,7 +265,7 @@
protected boolean updatePermissionActions(Object target, Principal recipient, String[] actions,
boolean set)
{
- boolean recipientIsRole = recipient instanceof Role;
+ boolean recipientIsRole = recipient instanceof RoleImpl;
try
{
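Review bot: `recipient instanceof RoleImpl` ties the user-versus-role discrimination to one concrete class where the removed code checked the `Role` interface, so any other `Principal` implementation that represents a role would now be recorded under the user discriminator — a permission stored against the wrong subject type. If there is an interface that `RoleImpl` implements in the API module, the check should be against that; if `RoleImpl` is intentionally the only role principal, a comment saying so (`// RoleImpl is the sole role Principal in this module; see RoleImpl`) would stop the next reader from widening it. The same `instanceof RoleImpl` appears in `resolvePrincipalEntity` in the next hunk, and `updatePermissionActions` continues outside this one.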
@@ -529,10 +528,11 @@
*/
protected Object resolvePrincipalEntity(Principal recipient)
{
- boolean recipientIsRole = recipient instanceof Role;
+ boolean recipientIsRole = recipient instanceof RoleImpl;
- if (identityManager.getIdentityStore() != null &&
- identityManager.getIdentityStore() instanceof JpaIdentityStore)
+ if (identityManager.getIdentityStore() != null //&&
+ //identityManager.getIdentityStore() instanceof JpaIdentityStore)
+ )
{
// TODO review this code
@@ -540,7 +540,9 @@
//roleProperty.getPropertyType().equals(config.getRoleEntityClass()))
)
{
- return ((JpaIdentityStore) identityManager.getIdentityStore()).lookupRole(recipient.getName());
+ // TODO re-enable this
+ //return ((JpaIdentityStore) identityManager.getIdentityStore()).lookupRole(recipient.getName());
+ return null;
}
//else if (userProperty.getPropertyType().equals(config.getUserEntityClass()))
//{
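Review bot: With the `JpaIdentityStore` guard commented out in the previous hunk and `lookupRole` replaced by `return null;`, `resolvePrincipalEntity` now returns `null` for every role recipient regardless of which identity store is configured; whether the caller then persists a permission with a null recipient or NPEs is not visible in this chunk, but neither is acceptable in a permission store. Until the lookup is re-enabled I would `throw new IllegalStateException("role principal lookup is not available for the configured identity store");` in place of `return null;`, so a failed resolution cannot become a stored permission with no subject. The enclosing method starts in the previous hunk and ends outside this one.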
Modified: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/PersistentPermissionResolver.java
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/PersistentPermissionResolver.java 2010-05-17 19:32:28 UTC (rev 12744)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/PersistentPermissionResolver.java 2010-05-17 23:01:09 UTC (rev 12745)
@@ -9,7 +9,7 @@
import javax.inject.Inject;
import org.jboss.seam.security.Identity;
-import org.jboss.seam.security.Role;
+import org.jboss.seam.security.RoleImpl;
import org.jboss.seam.security.SimplePrincipal;
/**
@@ -55,18 +55,19 @@
return true;
}
- if (permission.getRecipient() instanceof Role)
+ if (permission.getRecipient() instanceof RoleImpl)
{
- Role role = (Role) permission.getRecipient();
+ RoleImpl role = (RoleImpl) permission.getRecipient();
- if (role.isConditional())
+ // TODO fix this
+ /*if (role.isConditional())
{
- if (ruleBasedPermissionResolver.checkConditionalRole(role.getName(), target, action)) return true;
+ if (ruleBasedPermissionResolver.checkConditionalRole(role.getRoleType(), target, action)) return true;
}
- else if (identity.hasRole(role.getName()))
+ else if (identity.hasRole(role.getRoleType()))
{
return true;
- }
+ }*/
}
}
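Review bot: Commenting out the role branch means a permission whose recipient is a RoleImpl is never matched here, so every persistent permission granted to a role is now silently denied; the enclosing method starts outside the hunk. Denying is the safe direction, but nothing tells a deployer that role permissions are disabled, and `role` is now an unused local left over from the cast. If the class has a logger, a visible marker such as `log.warn("Role-based persistent permission ignored pending RoleImpl migration: {}", permission.getRecipient().getName());` in place of the dead cast would make the regression discoverable; otherwise drop the cast until the block is restored.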
@@ -99,10 +100,12 @@
break;
}
- if (permission.getRecipient() instanceof Role)
+ if (permission.getRecipient() instanceof RoleImpl)
{
- Role role = (Role) permission.getRecipient();
+ RoleImpl role = (RoleImpl) permission.getRecipient();
+ // TODO fix this
+ /*
if (role.isConditional())
{
if (ruleBasedPermissionResolver.checkConditionalRole(role.getName(), target, action))
@@ -111,11 +114,11 @@
break;
}
}
- else if (identity.hasRole(role.getName()))
+ else if (identity.hasRole(role.getRoleType()))
{
iter.remove();
break;
- }
+ }*/
}
}
}
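Review bot: The same role check is duplicated in this method and the one above, and both copies are now commented out with a separate `// TODO fix this`, so they can drift apart when re-enabled; the enclosing method starts outside the hunk. Consider extracting a private helper such as `private boolean roleGrants(RoleImpl role, Object target, String action)` that both call sites use, so the conditional-role and `identity.hasRole(role.getRoleType())` logic lives in one place. With the branch disabled, targets permitted only through a role are left in the set, which is consistent with the deny-by-default behaviour of the first method but is worth stating in a comment so the two are kept aligned.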
Modified: modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/RuleBasedPermissionResolver.java
===================================================================
--- modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/RuleBasedPermissionResolver.java 2010-05-17 19:32:28 UTC (rev 12744)
+++ modules/security/trunk/impl/src/main/java/org/jboss/seam/security/permission/RuleBasedPermissionResolver.java 2010-05-17 23:01:09 UTC (rev 12745)
@@ -23,7 +23,7 @@
//import org.jboss.seam.drools.SeamGlobalResolver;
import org.jboss.seam.security.Identity;
import org.jboss.seam.security.IdentityImpl;
-import org.jboss.seam.security.Role;
+import org.jboss.seam.security.RoleImpl;
import org.jboss.seam.security.events.PostLoggedOutEvent;
import org.jboss.seam.security.events.PostAuthenticateEvent;
import org.slf4j.Logger;
@@ -217,10 +217,15 @@
Principal role = (Principal) e.nextElement();
boolean found = false;
- Iterator<?> iter = getSecurityContext().getObjects(new ClassObjectFilter(Role.class)).iterator();
+ Iterator<?> iter = getSecurityContext().getObjects(
+ new ClassObjectFilter(RoleImpl.class)).iterator();
+
+ // TODO fix
+ /*
while (iter.hasNext())
{
- Role r = (Role) iter.next();
+ RoleImpl r = (RoleImpl) iter.next();
+ // TODO fix
if (r.getName().equals(role.getName()))
{
found = true;
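Review bot: `iter` built from `ClassObjectFilter(RoleImpl.class)` on the new side is now unused because the loop that consumed it is commented out from `/*` onward (the comment closes in the next hunk), and with it the insertion of the identity's roles into the security context, so rules that match RoleImpl facts will no longer see the user's roles. The loop variable and the method header are outside the hunk. Either drop the now-dead iterator or re-enable the loop using the same accessor this commit uses elsewhere for the role name, `if (r.getRoleType().equals(role.getName()))`, rather than leaving half of the synchronisation in place.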
@@ -230,22 +235,24 @@
if (!found)
{
- getSecurityContext().insert(new Role(role.getName()));
- }
+ getSecurityContext().insert(new RoleImpl(role.getName()));
+ }*/
}
}
}
- Iterator<?> iter = getSecurityContext().getObjects(new ClassObjectFilter(Role.class)).iterator();
+ Iterator<?> iter = getSecurityContext().getObjects(new ClassObjectFilter(RoleImpl.class)).iterator();
while (iter.hasNext())
{
- Role r = (Role) iter.next();
- if (!identity.hasRole(r.getName()))
+ RoleImpl r = (RoleImpl) iter.next();
+
+ // TODO fix
+ /*if (!identity.hasRole(r.getName()))
{
FactHandle fh = getSecurityContext().getFactHandle(r);
getSecurityContext().retract(fh);
- }
+ }*/
}
}
}
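Review bot: Disabling the retraction loop means any RoleImpl fact already in the security context is no longer removed when the identity stops holding that role, so a rule keyed on that fact can keep firing for a user whose role was revoked; the file imports PostLoggedOutEvent, so this presumably also covers logout, but the method header is outside the hunk. The loop still iterates and casts each fact but then does nothing, which is easy to mistake for working code. Since the commit already uses `role.getRoleType()` as the name passed to `identity.hasRole(...)` in PersistentPermissionResolver, the check can be restored as `if (!identity.hasRole(r.getRoleType()))` with the retract kept as it was, instead of being commented out.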