List: jboss-cvs-commits
Subject: [jboss-cvs] jboss-seam/src/main/org/jboss/seam/security ...
From: Shane_Bryzak () symantec ! com (Shane Bryzak)
Date: 2007-01-24 11:48:54
Message-ID: E1H4SrO-0008A8-Hb () committer01 ! frg ! pub ! inap ! atl ! jboss ! com
User: sbryzak2
Date: 07/01/09 21:06:38
Modified: src/main/org/jboss/seam/security Identity.java
SeamSecurityManager.java
Log:
support for role memberships, added explicit permissions to working memory
Revision Changes Path
1.11 +2 -0 jboss-seam/src/main/org/jboss/seam/security/Identity.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: Identity.java
===================================================================
RCS file: /cvsroot/jboss/jboss-seam/src/main/org/jboss/seam/security/Identity.java,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -b -r1.10 -r1.11
--- Identity.java 9 Jan 2007 11:50:37 -0000 1.10
+++ Identity.java 10 Jan 2007 02:06:38 -0000 1.11
@@ -21,6 +21,8 @@
@Install(precedence = BUILT_IN, dependencies = "org.jboss.seam.securityManager")
public class Identity implements Serializable
{
+ private static final long serialVersionUID = 3751659008033189259L;
+
protected Principal principal;
protected Subject subject;
1.36 +107 -24 jboss-seam/src/main/org/jboss/seam/security/SeamSecurityManager.java
(In the diff below, changes in quantity of whitespace are not shown.)
Index: SeamSecurityManager.java
===================================================================
RCS file: /cvsroot/jboss/jboss-seam/src/main/org/jboss/seam/security/SeamSecurityManager.java,v
retrieving revision 1.35
retrieving revision 1.36
diff -u -b -r1.35 -r1.36
--- SeamSecurityManager.java 8 Jan 2007 12:48:00 -0000 1.35
+++ SeamSecurityManager.java 10 Jan 2007 02:06:38 -0000 1.36
@@ -6,9 +6,16 @@
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
+import java.security.Principal;
+import java.security.acl.Group;
+import java.security.acl.Permission;
import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.HashSet;
import java.util.List;
+import java.util.Set;
+import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
@@ -38,6 +45,7 @@
import org.jboss.seam.log.LogProvider;
import org.jboss.seam.log.Logging;
import org.jboss.seam.security.config.SecurityConfiguration;
+import org.jboss.seam.security.config.SecurityConfiguration.Role;
import org.jboss.seam.security.rules.PermissionCheck;
import org.jboss.seam.util.Resources;
@@ -183,34 +191,43 @@
if (!Contexts.isSessionContextActive())
throw new IllegalStateException("No active session context found.");
- WorkingMemory wm;
-
if (Contexts.getSessionContext().isSet(SECURITY_CONTEXT_NAME))
- wm = (WorkingMemory) Contexts.getSessionContext().get(SECURITY_CONTEXT_NAME);
+ return (WorkingMemory) Contexts.getSessionContext().get(SECURITY_CONTEXT_NAME);
else
{
- wm = securityRules.newWorkingMemory();
- Contexts.getSessionContext().set(SECURITY_CONTEXT_NAME, wm);
- }
+ WorkingMemory wm = securityRules.newWorkingMemory();
- // TODO - Re the following; don't assert the Identity, instead assert its
- // Principals/Roles ?
+ if (Identity.instance().isLoggedIn())
+ {
+ for (Principal p : Identity.instance().getSubject().getPrincipals())
+ {
+ wm.assertObject(p);
- // Assert the identity into the working memory if one exists and it hasn't
- // been asserted before
- if (wm.getObjects(Identity.instance().getClass()).isEmpty())
+ if (p instanceof Group && "roles".equals(((Group) p).getName()))
{
- wm.assertObject(Identity.instance());
+ SecurityConfiguration config = SecurityConfiguration.instance();
- // TODO roles no longer come from the identity
-// for (Role r : ident.getRoles())
-// wm.assertObject(r);
+ Enumeration e = ((Group) p).members();
+ while (e.hasMoreElements())
+ {
+ Principal role = (Principal) e.nextElement();
+
+ Role r = config.getSecurityRole(role.getName());
+ for (Permission perm : r.getPermissions())
+ {
+ wm.assertObject(perm);
+ }
+ }
+ }
+ }
- // TODO Assert the Identity's explicit permissions also? */
+ // Only set the security context if the user is already logged in
+ Contexts.getSessionContext().set(SECURITY_CONTEXT_NAME, wm);
}
return wm;
}
+ }
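Review bot: `Role r = config.getSecurityRole(role.getName());` is dereferenced on the very next line with no null check, so a principal in the `roles` group whose name has no entry in the SecurityConfiguration would throw a NullPointerException out of the authorisation path rather than simply contributing no permissions — this assumes getSecurityRole returns null for an unknown role, which is not visible in this hunk; `if (r == null) continue;` (ideally with a logged warning) before the permission loop makes that failure mode explicit. Separately, once the logged-in working memory is stored under SECURITY_CONTEXT_NAME it is handed back unchanged on every later call, so the asserted principals and permissions outlive the login unless logout removes that session entry somewhere outside this hunk; a short comment on the `set` call naming where the entry is invalidated would make that contract visible to the next reader. The enclosing method's signature is above the hunk.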
public LoginContext createLoginContext()
throws LoginException
@@ -223,7 +240,73 @@
{
return new LoginContext(SecurityConfiguration.LOGIN_MODULE_NAME,
Identity.instance().getSubject(), cbHandler,
- SecurityConfiguration.instance().getLoginModuleConfiguration());
+ SecurityConfiguration.instance().getLoginModuleConfiguration()) {
+ @Override public void login() throws LoginException {
+ super.login();
+ populateRoles(this.getSubject());
+ }
+ };
+ }
+
+ /**
+ * Populates the specified subject's roles with any inherited roles
+ * according to the role memberships contained within the current
+ * SecurityConfiguration
+ *
+ * @param ctx The subject containing the role group.
+ */
+ private void populateRoles(Subject subject)
+ {
+ for (SimpleGroup grp : subject.getPrincipals(SimpleGroup.class))
+ {
+ if ("roles".equals(grp.getName()))
+ {
+ Set<Principal> memberships = new HashSet<Principal>();
+ SecurityConfiguration config = SecurityConfiguration.instance();
+
+ Enumeration e = grp.members();
+ while (e.hasMoreElements())
+ {
+ Principal role = (Principal) e.nextElement();
+ addRoleMemberships(memberships, role.getName(), config);
+ }
+
+ for (Principal r : memberships)
+ grp.addMember(r);
+
+ break;
+ }
+ }
+ }
+
+ /**
+ * Recursively adds role memberships to the specified role set, for the
+ * specified role name. The security configuration is passed in each time
+ * so that a context lookup doesn't need to take place each time.
+ *
+ * @param roles The set that role memberships are to be added to
+ * @param roleName The name of the role to add memberships for
+ * @param config The security configuration
+ */
+ private void addRoleMemberships(Set<Principal> roles, String roleName,
+ SecurityConfiguration config)
+ {
+ // Retrieve the role configuration
+ Role role = config.getSecurityRole(roleName);
+
+ // For each of the role's configured memberships, check if the roles
+ // parameter already contains the membership. If it doesn't add it,
+ // and make a recursive call to add the membership role's memberships.
+ for (String membership : role.getMemberships())
+ {
+ SimplePrincipal r = new SimplePrincipal(membership);
+ if (!roles.contains(r))
+ {
+ roles.add(r);
+ addRoleMemberships(roles, membership, config);
+ }
+ }
+
}
public CallbackHandler createCallbackHandler(final String username,
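Review bot: addRoleMemberships dereferences `config.getSecurityRole(roleName)` without a null check, and populateRoles feeds it every member name of the subject's `roles` group, so a login module that grants a role name absent from the SecurityConfiguration would fail the entire login with a NullPointerException thrown from inside the overridden login() — assuming getSecurityRole returns null for unknown names, which this hunk does not show; `if (role == null) return;` at the top of addRoleMemberships keeps the granted role but expands nothing for it. Note also that populateRoles only expands memberships for `SimpleGroup` principals, while getWorkingMemory matches any `Group` named "roles", so a subject whose roles arrive in a different Group implementation would be authorised on its direct roles but never on inherited ones; either both sites should use the same type test or the restriction should be documented. The Javadoc on populateRoles documents `@param ctx` while the parameter is `subject`; it should read `@param subject The subject containing the role group.`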