You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@myfaces.apache.org by lo...@apache.org on 2016/04/08 16:44:02 UTC
svn commit: r1738254 - in /myfaces/tobago/branches/tobago-3.0.x: ./
tobago-core/
tobago-core/src/main/java/org/apache/myfaces/tobago/internal/component/
tobago-core/src/main/java/org/apache/myfaces/tobago/internal/taglib/component/
tobago-core/src/main...
Author: lofwyr
Date: Fri Apr 8 14:44:02 2016
New Revision: 1738254
URL: http://svn.apache.org/viewvc?rev=1738254&view=rev
Log:
TOBAGO-1554 Tobago security should be integrated to tobago-core.jar
* implementation moved to core
TOBAGO-1553: Tobago security which checks annotations should support CDI
Added:
myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/taglib/declaration/IsDisabledBySecurity.java
- copied, changed from r1737931, myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/taglib/declaration/IsDisabled.java
myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/util/AuthorizationHelper.java
Modified:
myfaces/tobago/branches/tobago-3.0.x/pom.xml
myfaces/tobago/branches/tobago-3.0.x/tobago-core/pom.xml
myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/component/AbstractUICommand.java
myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/component/AbstractUILink.java
myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/taglib/component/ButtonTagDeclaration.java
myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/taglib/component/CommandTagDeclaration.java
myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/taglib/component/LinkTagDeclaration.java
myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/taglib/component/MenuCommandTagDeclaration.java
myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/taglib/component/ToolBarCommandTagDeclaration.java
myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/taglib/component/TreeCommandTagDeclaration.java
Modified: myfaces/tobago/branches/tobago-3.0.x/pom.xml
URL: http://svn.apache.org/viewvc/myfaces/tobago/branches/tobago-3.0.x/pom.xml?rev=1738254&r1=1738253&r2=1738254&view=diff
==============================================================================
--- myfaces/tobago/branches/tobago-3.0.x/pom.xml (original)
+++ myfaces/tobago/branches/tobago-3.0.x/pom.xml Fri Apr 8 14:44:02 2016
@@ -483,7 +483,19 @@
<groupId>org.apache.geronimo.specs</groupId>
<artifactId>geronimo-annotation_1.0_spec</artifactId>
<version>1.1.1</version>
- <scope>provided</scope>
+ <optional>true</optional>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.geronimo.specs</groupId>
+ <artifactId>geronimo-jcdi_1.0_spec</artifactId>
+ <version>1.0</version>
+ <optional>true</optional>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.geronimo.specs</groupId>
+ <artifactId>geronimo-atinject_1.0_spec</artifactId>
+ <version>1.0</version>
+ <optional>true</optional>
</dependency>
<dependency>
<!-- jsoup HTML parser library -->
Modified: myfaces/tobago/branches/tobago-3.0.x/tobago-core/pom.xml
URL: http://svn.apache.org/viewvc/myfaces/tobago/branches/tobago-3.0.x/tobago-core/pom.xml?rev=1738254&r1=1738253&r2=1738254&view=diff
==============================================================================
--- myfaces/tobago/branches/tobago-3.0.x/tobago-core/pom.xml (original)
+++ myfaces/tobago/branches/tobago-3.0.x/tobago-core/pom.xml Fri Apr 8 14:44:02 2016
@@ -177,22 +177,25 @@
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
</dependency>
- <!--dependency>
- <groupId>com.google.caliper</groupId>
- <artifactId>caliper</artifactId>
- </dependency-->
-<!--
- <dependency>
- <groupId>com.google.code.gson</groupId>
- <artifactId>gson</artifactId>
- <version>2.2.2</version>
- <scope>compile</scope>
- </dependency>
--->
<dependency>
<groupId>org.jsoup</groupId>
<artifactId>jsoup</artifactId>
</dependency>
+ <dependency>
+ <groupId>org.apache.geronimo.specs</groupId>
+ <artifactId>geronimo-annotation_1.0_spec</artifactId>
+ <optional>true</optional>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.geronimo.specs</groupId>
+ <artifactId>geronimo-jcdi_1.0_spec</artifactId>
+ <optional>true</optional>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.geronimo.specs</groupId>
+ <artifactId>geronimo-atinject_1.0_spec</artifactId>
+ <optional>true</optional>
+ </dependency>
</dependencies>
<profiles>
Modified: myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/component/AbstractUICommand.java
URL: http://svn.apache.org/viewvc/myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/component/AbstractUICommand.java?rev=1738254&r1=1738253&r2=1738254&view=diff
==============================================================================
--- myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/component/AbstractUICommand.java (original)
+++ myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/component/AbstractUICommand.java Fri Apr 8 14:44:02 2016
@@ -24,9 +24,14 @@ import org.apache.myfaces.tobago.compone
import org.apache.myfaces.tobago.component.SupportsAccessKey;
import org.apache.myfaces.tobago.component.SupportsRenderedPartially;
import org.apache.myfaces.tobago.component.Visual;
+import org.apache.myfaces.tobago.config.TobagoConfig;
import org.apache.myfaces.tobago.event.PopupFacetActionListener;
+import org.apache.myfaces.tobago.internal.util.AuthorizationHelper;
import org.apache.myfaces.tobago.util.ComponentUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import javax.el.MethodExpression;
import javax.faces.component.UICommand;
import javax.faces.component.UIComponent;
import javax.faces.component.behavior.ClientBehaviorHolder;
@@ -41,9 +46,15 @@ public abstract class AbstractUICommand
extends UICommand
implements SupportsRenderedPartially, SupportsAccessKey, OnComponentPopulated, Visual, ClientBehaviorHolder {
+ private static final Logger LOG = LoggerFactory.getLogger(AbstractUICommand.class);
+
// todo generate
private static final Collection<String> EVENT_NAMES = Arrays.asList("click");
+ enum PropertyKeys {
+ disabled,
+ }
+
// todo: transient
private Boolean parentOfCommands;
@@ -109,6 +120,39 @@ public abstract class AbstractUICommand
return parentOfCommands;
}
+ /**
+ Flag indicating that this element is disabled.
+ <br />Default: <code>false</code>
+ */
+ public boolean isDisabled() {
+
+ final FacesContext facesContext = getFacesContext();
+ final TobagoConfig tobagoConfig = TobagoConfig.getInstance(facesContext);
+ LOG.info("HALLO PROJECT STAGE: {}", tobagoConfig.getProjectStage());
+ // todo: get from configuration tobago-config.xml
+ if (true) {
+ final AuthorizationHelper authorizationHelper = AuthorizationHelper.getInstance(facesContext);
+ final MethodExpression actionExpression = getActionExpression();
+ if (actionExpression != null) {
+ final boolean authorized =
+ authorizationHelper.isAuthorized(facesContext, actionExpression.getExpressionString());
+ if (!authorized) {
+ return true;
+ }
+ }
+ }
+
+ Boolean bool = (Boolean) getStateHelper().eval(PropertyKeys.disabled);
+ if (bool != null) {
+ return bool;
+ }
+ return false;
+ }
+
+ public void setDisabled(boolean disabled) {
+ getStateHelper().put(PropertyKeys.disabled, disabled);
+ }
+
// todo generate
@Override
public String getDefaultEventName() {
@@ -139,8 +183,6 @@ public abstract class AbstractUICommand
public abstract boolean isOmit();
- public abstract boolean isDisabled();
-
public abstract String getTip();
// public abstract Integer getTabIndex();
Modified: myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/component/AbstractUILink.java
URL: http://svn.apache.org/viewvc/myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/component/AbstractUILink.java?rev=1738254&r1=1738253&r2=1738254&view=diff
==============================================================================
--- myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/component/AbstractUILink.java (original)
+++ myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/component/AbstractUILink.java Fri Apr 8 14:44:02 2016
@@ -26,13 +26,4 @@ public abstract class AbstractUILink ext
public abstract java.lang.String getImage();
public abstract Integer getTabIndex();
-
- @Override
- public abstract String getTip();
-
- @Override
- public abstract boolean isDisabled();
-
- @Override
- public abstract Character getAccessKey();
}
Modified: myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/taglib/component/ButtonTagDeclaration.java
URL: http://svn.apache.org/viewvc/myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/taglib/component/ButtonTagDeclaration.java?rev=1738254&r1=1738253&r2=1738254&view=diff
==============================================================================
--- myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/taglib/component/ButtonTagDeclaration.java (original)
+++ myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/taglib/component/ButtonTagDeclaration.java Fri Apr 8 14:44:02 2016
@@ -37,7 +37,7 @@ import org.apache.myfaces.tobago.interna
import org.apache.myfaces.tobago.internal.taglib.declaration.HasTarget;
import org.apache.myfaces.tobago.internal.taglib.declaration.HasTip;
import org.apache.myfaces.tobago.internal.taglib.declaration.IsDefaultCommand;
-import org.apache.myfaces.tobago.internal.taglib.declaration.IsDisabled;
+import org.apache.myfaces.tobago.internal.taglib.declaration.IsDisabledBySecurity;
import org.apache.myfaces.tobago.internal.taglib.declaration.IsImmediateCommand;
import org.apache.myfaces.tobago.internal.taglib.declaration.IsOmit;
import org.apache.myfaces.tobago.internal.taglib.declaration.IsTransition;
@@ -69,5 +69,5 @@ public interface ButtonTagDeclaration
extends HasAction, HasActionListener, IsImmediateCommand,
HasLink, HasResource, IsTransition, HasTarget, HasRenderedPartially,
IsOmit, HasIdBindingAndRendered, HasLabelAndAccessKey, HasImage,
- IsDisabled, IsDefaultCommand, HasTip, HasTabIndex, IsVisual {
+ IsDisabledBySecurity, IsDefaultCommand, HasTip, HasTabIndex, IsVisual {
}
Modified: myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/taglib/component/CommandTagDeclaration.java
URL: http://svn.apache.org/viewvc/myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/taglib/component/CommandTagDeclaration.java?rev=1738254&r1=1738253&r2=1738254&view=diff
==============================================================================
--- myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/taglib/component/CommandTagDeclaration.java (original)
+++ myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/taglib/component/CommandTagDeclaration.java Fri Apr 8 14:44:02 2016
@@ -34,7 +34,7 @@ import org.apache.myfaces.tobago.interna
import org.apache.myfaces.tobago.internal.taglib.declaration.HasTarget;
import org.apache.myfaces.tobago.internal.taglib.declaration.HasTip;
import org.apache.myfaces.tobago.internal.taglib.declaration.HasValue;
-import org.apache.myfaces.tobago.internal.taglib.declaration.IsDisabled;
+import org.apache.myfaces.tobago.internal.taglib.declaration.IsDisabledBySecurity;
import org.apache.myfaces.tobago.internal.taglib.declaration.IsImmediateCommand;
import org.apache.myfaces.tobago.internal.taglib.declaration.IsOmit;
import org.apache.myfaces.tobago.internal.taglib.declaration.IsTransition;
@@ -59,6 +59,6 @@ import javax.faces.component.UICommand;
allowedChildComponenents = "org.apache.myfaces.tobago.Popup")})
public interface CommandTagDeclaration
extends HasIdBindingAndRendered, HasAction, HasActionListener, IsImmediateCommand,
- HasLink, HasResource, IsTransition, HasTarget, HasRenderedPartially, IsDisabled, IsOmit, HasValue, IsVisual,
- HasLabelAndAccessKey, HasTip {
+ HasLink, HasResource, IsTransition, HasTarget, HasRenderedPartially, IsDisabledBySecurity,
+ IsOmit, HasValue, IsVisual, HasLabelAndAccessKey, HasTip {
}
Modified: myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/taglib/component/LinkTagDeclaration.java
URL: http://svn.apache.org/viewvc/myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/taglib/component/LinkTagDeclaration.java?rev=1738254&r1=1738253&r2=1738254&view=diff
==============================================================================
--- myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/taglib/component/LinkTagDeclaration.java (original)
+++ myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/taglib/component/LinkTagDeclaration.java Fri Apr 8 14:44:02 2016
@@ -36,7 +36,7 @@ import org.apache.myfaces.tobago.interna
import org.apache.myfaces.tobago.internal.taglib.declaration.HasTabIndex;
import org.apache.myfaces.tobago.internal.taglib.declaration.HasTarget;
import org.apache.myfaces.tobago.internal.taglib.declaration.HasTip;
-import org.apache.myfaces.tobago.internal.taglib.declaration.IsDisabled;
+import org.apache.myfaces.tobago.internal.taglib.declaration.IsDisabledBySecurity;
import org.apache.myfaces.tobago.internal.taglib.declaration.IsImmediateCommand;
import org.apache.myfaces.tobago.internal.taglib.declaration.IsOmit;
import org.apache.myfaces.tobago.internal.taglib.declaration.IsTransition;
@@ -68,6 +68,6 @@ import javax.faces.component.UICommand;
allowedChildComponenents = "org.apache.myfaces.tobago.Popup")})
public interface LinkTagDeclaration
extends HasIdBindingAndRendered, HasLabelAndAccessKey, HasAction, HasActionListener, IsImmediateCommand,
- HasLink, HasResource, IsTransition, HasTarget, HasRenderedPartially, IsDisabled, IsOmit,
+ HasLink, HasResource, IsTransition, HasTarget, HasRenderedPartially, IsDisabledBySecurity, IsOmit,
HasTip, HasImage, HasTabIndex, IsVisual {
}
Modified: myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/taglib/component/MenuCommandTagDeclaration.java
URL: http://svn.apache.org/viewvc/myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/taglib/component/MenuCommandTagDeclaration.java?rev=1738254&r1=1738253&r2=1738254&view=diff
==============================================================================
--- myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/taglib/component/MenuCommandTagDeclaration.java (original)
+++ myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/taglib/component/MenuCommandTagDeclaration.java Fri Apr 8 14:44:02 2016
@@ -32,7 +32,7 @@ import org.apache.myfaces.tobago.interna
import org.apache.myfaces.tobago.internal.taglib.declaration.HasResource;
import org.apache.myfaces.tobago.internal.taglib.declaration.HasTarget;
import org.apache.myfaces.tobago.internal.taglib.declaration.HasTip;
-import org.apache.myfaces.tobago.internal.taglib.declaration.IsDisabled;
+import org.apache.myfaces.tobago.internal.taglib.declaration.IsDisabledBySecurity;
import org.apache.myfaces.tobago.internal.taglib.declaration.IsImmediateCommand;
import org.apache.myfaces.tobago.internal.taglib.declaration.IsOmit;
import org.apache.myfaces.tobago.internal.taglib.declaration.IsTransition;
@@ -54,6 +54,6 @@ import javax.faces.component.UICommand;
allowedChildComponenents = "NONE")
public interface MenuCommandTagDeclaration
extends HasAction, HasActionListener, IsImmediateCommand,
- HasLink, HasResource, IsTransition, HasTarget, HasRenderedPartially, IsDisabled, IsOmit, IsVisual,
+ HasLink, HasResource, IsTransition, HasTarget, HasRenderedPartially, IsDisabledBySecurity, IsOmit, IsVisual,
HasIdBindingAndRendered, HasLabelAndAccessKey, HasTip, HasImage {
}
Modified: myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/taglib/component/ToolBarCommandTagDeclaration.java
URL: http://svn.apache.org/viewvc/myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/taglib/component/ToolBarCommandTagDeclaration.java?rev=1738254&r1=1738253&r2=1738254&view=diff
==============================================================================
--- myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/taglib/component/ToolBarCommandTagDeclaration.java (original)
+++ myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/taglib/component/ToolBarCommandTagDeclaration.java Fri Apr 8 14:44:02 2016
@@ -34,7 +34,7 @@ import org.apache.myfaces.tobago.interna
import org.apache.myfaces.tobago.internal.taglib.declaration.HasResource;
import org.apache.myfaces.tobago.internal.taglib.declaration.HasTarget;
import org.apache.myfaces.tobago.internal.taglib.declaration.HasTip;
-import org.apache.myfaces.tobago.internal.taglib.declaration.IsDisabled;
+import org.apache.myfaces.tobago.internal.taglib.declaration.IsDisabledBySecurity;
import org.apache.myfaces.tobago.internal.taglib.declaration.IsImmediateCommand;
import org.apache.myfaces.tobago.internal.taglib.declaration.IsOmit;
import org.apache.myfaces.tobago.internal.taglib.declaration.IsTransition;
@@ -64,5 +64,5 @@ import javax.faces.component.UICommand;
public interface ToolBarCommandTagDeclaration
extends HasAction, HasActionListener, IsImmediateCommand,
HasLink, HasResource, IsTransition, HasTarget, HasRenderedPartially, IsOmit, HasIdBindingAndRendered,
- HasLabelAndAccessKey, HasImage, IsDisabled, HasTip, IsVisual {
+ HasLabelAndAccessKey, HasImage, IsDisabledBySecurity, HasTip, IsVisual {
}
Modified: myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/taglib/component/TreeCommandTagDeclaration.java
URL: http://svn.apache.org/viewvc/myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/taglib/component/TreeCommandTagDeclaration.java?rev=1738254&r1=1738253&r2=1738254&view=diff
==============================================================================
--- myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/taglib/component/TreeCommandTagDeclaration.java (original)
+++ myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/taglib/component/TreeCommandTagDeclaration.java Fri Apr 8 14:44:02 2016
@@ -35,7 +35,7 @@ import org.apache.myfaces.tobago.interna
import org.apache.myfaces.tobago.internal.taglib.declaration.HasTabIndex;
import org.apache.myfaces.tobago.internal.taglib.declaration.HasTarget;
import org.apache.myfaces.tobago.internal.taglib.declaration.HasTip;
-import org.apache.myfaces.tobago.internal.taglib.declaration.IsDisabled;
+import org.apache.myfaces.tobago.internal.taglib.declaration.IsDisabledBySecurity;
import org.apache.myfaces.tobago.internal.taglib.declaration.IsImmediateCommand;
import org.apache.myfaces.tobago.internal.taglib.declaration.IsOmit;
import org.apache.myfaces.tobago.internal.taglib.declaration.IsTransition;
@@ -68,7 +68,7 @@ import javax.faces.component.UICommand;
allowedChildComponenents = "org.apache.myfaces.tobago.Popup")},
rendererType = RendererTypes.TREE_COMMAND)
public interface TreeCommandTagDeclaration
- extends HasAction, HasActionListener, IsImmediateCommand,
- HasLink, HasResource, IsTransition, HasTarget, HasRenderedPartially, IsDisabled, IsOmit, HasIdBindingAndRendered,
+ extends HasIdBindingAndRendered, HasAction, HasActionListener, IsImmediateCommand,
+ HasLink, HasResource, IsTransition, HasTarget, HasRenderedPartially, IsDisabledBySecurity, IsOmit,
HasLabelAndAccessKey, HasTip, HasTabIndex, IsVisual {
}
Copied: myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/taglib/declaration/IsDisabledBySecurity.java (from r1737931, myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/taglib/declaration/IsDisabled.java)
URL: http://svn.apache.org/viewvc/myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/taglib/declaration/IsDisabledBySecurity.java?p2=myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/taglib/declaration/IsDisabledBySecurity.java&p1=myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/taglib/declaration/IsDisabled.java&r1=1737931&r2=1738254&rev=1738254&view=diff
==============================================================================
--- myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/taglib/declaration/IsDisabled.java (original)
+++ myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/taglib/declaration/IsDisabledBySecurity.java Fri Apr 8 14:44:02 2016
@@ -22,11 +22,13 @@ package org.apache.myfaces.tobago.intern
import org.apache.myfaces.tobago.apt.annotation.TagAttribute;
import org.apache.myfaces.tobago.apt.annotation.UIComponentTagAttribute;
-public interface IsDisabled {
+public interface IsDisabledBySecurity {
/**
- * Flag indicating that this element is disabled.
+ * Flag indicating that this element is disabled. If configured so in the tobago-config.xml the action will be
+ * checked for the annotations {@link javax.annotation.security.RolesAllowed},
+ * {@link javax.annotation.security.PermitAll} or {@link javax.annotation.security.DenyAll}.
*/
@TagAttribute()
- @UIComponentTagAttribute(type = "boolean", defaultValue = "false")
+ @UIComponentTagAttribute(type = "boolean", generate = false)
void setDisabled(String disabled);
}
Added: myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/util/AuthorizationHelper.java
URL: http://svn.apache.org/viewvc/myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/util/AuthorizationHelper.java?rev=1738254&view=auto
==============================================================================
--- myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/util/AuthorizationHelper.java (added)
+++ myfaces/tobago/branches/tobago-3.0.x/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/util/AuthorizationHelper.java Fri Apr 8 14:44:02 2016
@@ -0,0 +1,211 @@
+package org.apache.myfaces.tobago.internal.util;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.annotation.security.DenyAll;
+import javax.annotation.security.PermitAll;
+import javax.annotation.security.RolesAllowed;
+import javax.enterprise.inject.spi.Bean;
+import javax.enterprise.inject.spi.BeanManager;
+import javax.faces.bean.ManagedBean;
+import javax.faces.context.FacesContext;
+import javax.naming.InitialContext;
+import java.lang.annotation.Annotation;
+import java.lang.reflect.AnnotatedElement;
+import java.lang.reflect.Method;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+/* The JSF annotations are, because it has to be runnable without CDI */
+@ManagedBean
+@javax.faces.bean.ApplicationScoped
+public class AuthorizationHelper {
+
+ private static final Logger LOG = LoggerFactory.getLogger(AuthorizationHelper.class);
+
+ public static final String AUTHORIZATION_HELPER = "authorizationHelper";
+
+ private static final Pattern PATTERN = Pattern.compile("#\\{(\\w+(?:\\.\\w+)*)\\.(\\w+)(?:\\(.*\\))?\\}");
+
+ private static final Annotation NULL_VALUE = new Annotation() {
+ @Override
+ public Class<? extends Annotation> annotationType() {
+ return null;
+ }
+
+ @Override
+ public String toString() {
+ return "(NULL)";
+ }
+ };
+
+ private final Map<String, Object> cache = new ConcurrentHashMap<String, Object>();
+
+ private BeanManager beanManager;
+
+ public AuthorizationHelper() {
+
+ // XXX this is easier with CDI 1.1
+ // beanManager = CDI.context().getBeanManager();
+
+ try {
+ final InitialContext context = new InitialContext();
+ beanManager = (BeanManager)context.lookup("java:comp/BeanManager");
+ } catch (Exception exception) {
+ LOG.warn("Can't obtain 'java:comp/BeanManager'", exception);
+ }
+
+ if (beanManager == null) {
+ // this works with Jetty 9
+ beanManager = (BeanManager)
+ FacesContext.getCurrentInstance().getExternalContext().getApplicationMap().get(BeanManager.class.getName());
+ }
+
+ LOG.info("******************************************************************************************");
+ LOG.info("BEAN_MANAGER {}", beanManager);
+ LOG.info("******************************************************************************************");
+ }
+
+ public static AuthorizationHelper getInstance(final FacesContext facesContext) {
+ return (AuthorizationHelper)
+ facesContext.getELContext().getELResolver().getValue(facesContext.getELContext(),null, AUTHORIZATION_HELPER);
+ }
+
+ public boolean isAuthorized(final FacesContext facesContext, final String expression) {
+
+ final Annotation securityAnnotation = getSecurityAnnotation(facesContext, expression);
+ if (securityAnnotation == null) {
+ return true;
+ }
+
+ if (securityAnnotation instanceof DenyAll) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("DenyAll");
+ }
+ return false;
+ }
+ if (securityAnnotation instanceof RolesAllowed) {
+ final String[] roles = ((RolesAllowed) securityAnnotation).value();
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("RolesAllowed " + Arrays.asList(((RolesAllowed) securityAnnotation).value()));
+ }
+ for (final String role : roles) {
+ final boolean authorised = facesContext.getExternalContext().isUserInRole(role);
+ if (authorised) {
+ return true;
+ }
+ }
+ return false;
+ }
+ if (securityAnnotation instanceof PermitAll) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("PermitAll");
+ }
+ return true;
+ }
+ return true;
+ }
+
+ private Annotation getSecurityAnnotation(final FacesContext facesContext, String expression) {
+ if (cache.containsKey(expression)) {
+ final Object obj = cache.get(expression);
+ if (obj instanceof Annotation) {
+ return (Annotation) obj;
+ }
+ return null;
+ } else {
+ Annotation securityAnnotation = null;
+ final Matcher matcher = PATTERN.matcher(expression);
+ if (matcher.matches()) {
+ final String beanString = matcher.group(1);
+ final String methodString = matcher.group(2);
+
+ Object bean = null;
+
+ if (beanManager != null) { // CDI case
+ for (Bean<?> entry : beanManager.getBeans(beanString)) {
+ if (bean == null) {
+ bean = entry;
+ } else {
+ LOG.warn("Bean name ambiguous: '{}'", beanString);
+ }
+ }
+
+ } else { // JSF case
+ bean = facesContext.getELContext().getELResolver().getValue(facesContext.getELContext(), null, beanString);
+ }
+
+ if (bean != null) {
+ // try first from method
+ final List<Method> methods = findMethods(bean, methodString);
+ switch (methods.size()) {
+ case 0:
+ LOG.error("No Method '" + methodString + "' in class " + bean.getClass());
+ break;
+ case 1:
+ securityAnnotation = getSecurityAnnotations(methods.get(0));
+ break;
+ default:
+ LOG.warn("Method name ambiguous '" + methodString + "' in class " + bean.getClass()
+ + ". Found " + methods.size() + " but only 1 is supported, yet.");
+ }
+ // if not set, try from class
+ if (securityAnnotation == null) {
+ securityAnnotation = getSecurityAnnotations(bean.getClass());
+ }
+ }
+ }
+ if (securityAnnotation == null) {
+ securityAnnotation = NULL_VALUE;
+ }
+
+ cache.put(expression, securityAnnotation);
+ if (LOG.isInfoEnabled()) {
+ LOG.info("Security annotation '{}' saved for expression '{}'", securityAnnotation, expression);
+ }
+
+ return securityAnnotation;
+ }
+ }
+
+ private Annotation getSecurityAnnotations(final AnnotatedElement annotatedElement) {
+ Annotation annotation = annotatedElement.getAnnotation(RolesAllowed.class);
+ if (annotation != null) {
+ return annotation;
+ }
+ annotation = annotatedElement.getAnnotation(DenyAll.class);
+ if (annotation != null) {
+ return annotation;
+ }
+ annotation = annotatedElement.getAnnotation(PermitAll.class);
+ if (annotation != null) {
+ return annotation;
+ }
+ return null;
+ }
+
+ private List<Method> findMethods(Object bean, String name) {
+ final Class clazz;
+ if (bean instanceof Bean) {
+ clazz = ((Bean) bean).getBeanClass();
+ } else {
+ clazz = bean.getClass();
+ }
+
+ final Method[] methods = clazz.getMethods();
+ final List<Method> result = new ArrayList<Method>();
+ for (Method method : methods) {
+ if (method.getName().equals(name)) {
+ result.add(method);
+ }
+ }
+ return result;
+ }
+
+}