声明:这里是通过数据库来手工设置权限部分的。和“基于规则的权限验证”要区分开来!!
步骤:
(1) 在登录的时候从数据库的permission表中把权限部分拿出来,然后塞到WorkingMemory中。
(2) 创建好permission实体和GrantedPermission类。
(3) 在security.drl配置文件中进行判断是否有权限。
(4) 在UserList.xhtml页面中,进行测试。
代码如下:
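// (1) AuthenticatorAction.java
package cn.ctit.cms.session;

import static org.jboss.seam.ScopeType.SESSION;

import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.List;

import javax.ejb.Stateless;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;

import org.drools.WorkingMemory;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Logger;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Observer;
import org.jboss.seam.annotations.Out;
import org.jboss.seam.faces.FacesMessages;
import org.jboss.seam.log.Log;
import org.jboss.seam.security.Credentials;
import org.jboss.seam.security.Identity;
import org.jboss.seam.security.permission.RuleBasedPermissionResolver;

import sun.misc.BASE64Encoder;

import cn.ctit.cms.entity.Permission;
import cn.ctit.cms.entity.Users;

/**
 * Seam authenticator backed by the {@code Users} table.
 * <p>
 * {@link #authenticate()} verifies the submitted credentials; once Seam has
 * raised {@code loginSuccessful}, {@link #addrolepermission()} copies the user's
 * role and the permission rows stored for that user into the rule engine's
 * security working memory, where {@code security.drl} turns them into grants.
 */
@Stateless
@Name("authenticator")
public class AuthenticatorAction implements Authenticator {

    @In Identity identity;
    @In Credentials credentials;
    @In RuleBasedPermissionResolver ruleBasedPermissionResolver;
    @Logger Log log;

    @PersistenceContext
    private EntityManager em;

    /** The user found by {@link #authenticate()}; outjected to the session. */
    @Out(required = false, scope = SESSION)
    private Users user2;

    /**
     * Observer for {@code org.jboss.seam.security.loginSuccessful}.
     * <p>
     * Adds the user's role to the identity and inserts one
     * {@link GrantedPermission} fact per stored {@link Permission} into the
     * security working memory. The facts are inserted as {@code GrantedPermission}
     * rather than as the JPA entity itself because the rule in {@code security.drl}
     * matches on {@code GrantedPermission}; inserting {@code Permission} entities
     * would never fire that rule, and it also keeps persistence-managed objects
     * (with lazy associations) out of the session-scoped working memory.
     */
    @SuppressWarnings("unchecked") // getPermissionList() is not generically typed here
    @Observer("org.jboss.seam.security.loginSuccessful")
    public void addrolepermission() {
        if (user2 == null) {
            // The observer fired without a user from this authenticator; nothing to grant.
            return;
        }
        identity.addRole(String.valueOf(user2.getRole()));
        WorkingMemory wm = ruleBasedPermissionResolver.getSecurityContext();
        if (user2.getPermissionList() == null) {
            return;
        }
        for (Permission p : user2.getPermissionList()) {
            wm.insert(new GrantedPermission(p.getTarget(), p.getAction()));
        }
    }

    /**
     * Seam authentication callback.
     * <p>
     * Looks up a user whose username equals the submitted one and whose stored
     * password value equals the digest of the submitted password, then requires
     * the account to be enabled.
     *
     * @return {@code true} when such an enabled user exists; {@code false}
     *         otherwise, after adding a message to the {@code wrongmessage} control
     */
    @SuppressWarnings("unchecked") // JPA 1.x getResultList() returns a raw List
    public boolean authenticate() {
        try {
            // EncoderByMd5 is not shown here. An unsalted MD5 digest is not an
            // adequate password hash; a salted, slow KDF (bcrypt/scrypt/PBKDF2)
            // is the appropriate replacement when the stored format can change.
            List<Users> results = em.createQuery(
                    "select u from Users u where u.username=:usern and u.password=:pass")
                    .setParameter("usern", credentials.getUsername())
                    .setParameter("pass", EncoderByMd5(credentials.getPassword()))
                    .getResultList();
            if (results.isEmpty()) {
                // Same message for unknown user and wrong password, so the
                // response does not confirm whether the username exists.
                FacesMessages.instance().addToControl("wrongmessage",
                        "user name or password is not available !");
                return false;
            }
            user2 = results.get(0);
            if (user2.getEnable() != null && user2.getEnable()) {
                return true;
            }
            // NOTE(review): this branch does reveal that the account exists
            // (only reached with a valid username/password pair).
            FacesMessages.instance().addToControl("wrongmessage", "user is inactive !");
            return false;
        } catch (Exception ex) {
            // Record the failure with its cause instead of printing to stdout;
            // the caller still only sees a generic authentication failure.
            log.error("authentication failed for user #0", ex, credentials.getUsername());
            return false;
        }
    }
}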
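// (2) Permission.java
package cn.ctit.cms.entity;

// Generated Feb 3, 2009 4:08:09 AM by Hibernate Tools 3.2.2.GA

import static javax.persistence.GenerationType.IDENTITY;

import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.GeneratedValue;
import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.ManyToOne;
import javax.persistence.Table;

import org.hibernate.validator.Length;

/**
 * JPA entity for the {@code cms.permission} table: one (target, action) pair
 * granted to a single user. Originally generated by hbm2java.
 * <p>
 * Rows of this entity are read at login and converted into
 * {@code GrantedPermission} facts for the rule engine; the entity itself is
 * never inserted into the working memory.
 */
@Entity
@Table(name = "permission", catalog = "cms")
public class Permission implements java.io.Serializable {

    private Long id;
    private String target;
    private String action;
    private Users users;

    /** Required by JPA. */
    public Permission() {
    }

    /**
     * @param target the protected target name (max 20 chars)
     * @param action the action on that target (max 20 chars)
     * @param users  the owning user
     */
    public Permission(String target, String action, Users users) {
        this.target = target;
        this.action = action;
        this.users = users;
    }

    /** @return the database-generated primary key, {@code null} until persisted */
    @Id
    @GeneratedValue(strategy = IDENTITY)
    @Column(name = "id", unique = true, nullable = false)
    public Long getId() {
        return this.id;
    }

    public void setId(Long id) {
        this.id = id;
    }

    /** @return the target name, column {@code target} */
    @Column(name = "target", length = 20)
    @Length(max = 20)
    public String getTarget() {
        return this.target;
    }

    public void setTarget(String target) {
        this.target = target;
    }

    /** @return the action name, column {@code action} */
    @Column(name = "action", length = 20)
    @Length(max = 20)
    public String getAction() {
        return this.action;
    }

    /**
     * @param action the action name to store
     */
    public void setAction(String action) {
        // Fixed: the generated setter took a parameter named "password" and
        // assigned this.action to itself, so the value was never updated.
        this.action = action;
    }

    /** @return the owning user; lazily loaded via {@code user_id} */
    @ManyToOne(fetch = FetchType.LAZY)
    @JoinColumn(name = "user_id")
    public Users getUsers() {
        return this.users;
    }

    public void setUsers(Users users) {
        this.users = users;
    }
}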
// (3) GrantedPermission.java
package cn.ctit.cms.session;

import java.io.Serializable;

/**
 * Plain fact describing one permission held by the logged-in user.
 * <p>
 * One instance per permission row is inserted into the security working
 * memory at login; {@code security.drl} matches on the {@code target} and
 * {@code action} properties. It is deliberately a detached bean rather than
 * the JPA {@code Permission} entity.
 */
public class GrantedPermission implements Serializable {

    private static final long serialVersionUID = -1868188969326866331L;

    private String target;
    private String action;

    /** Creates a fact with both properties unset. */
    public GrantedPermission() {
        this(null, null);
    }

    /**
     * @param target the protected target name
     * @param action the action on that target
     */
    public GrantedPermission(String target, String action) {
        this.target = target;
        this.action = action;
    }

    /** @return the target name, possibly {@code null} */
    public String getTarget() {
        return this.target;
    }

    /** @return the action name, possibly {@code null} */
    public String getAction() {
        return this.action;
    }

    public void setTarget(String target) {
        this.target = target;
    }

    public void setAction(String action) {
        this.action = action;
    }
}
// (4) security.drl
package Permissions;

import java.security.Principal;
import org.jboss.seam.security.permission.PermissionCheck;
import org.jboss.seam.security.Role;
import cn.ctit.cms.session.GrantedPermission;

// Grants a still-ungranted PermissionCheck when the working memory contains a
// GrantedPermission fact whose target and action both equal the check's.
// The facts are expected to be inserted at login, one per row of the
// permission table; a check with no matching fact stays ungranted.
rule GrantDynamicPermission
    // Prevent this rule from re-activating on the consequence of its own firing.
    no-loop
    // Only one rule of the "permissions" group fires for a given activation;
    // the negative salience lets higher-priority rules in the group go first.
    activation-group "permissions"
    salience -10
when
    check: PermissionCheck(granted == false)
    // Inline evals: both the target and the action of a fact must match the check.
    GrantedPermission(t:target -> (t.equals(check.getTarget())),a:action -> (a.equals(check.getAction())) )
then
    // Debug trace only: writes to stdout for every grant.
    System.out.println("Permission granted !!");
    check.grant();
end
<!-- (5) UsersList.xhtml -->
<!DOCTYPE composition PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<ui:composition xmlns="http://www.w3.org/1999/xhtml"
    xmlns:s="http://jboss.com/products/seam/taglib"
    xmlns:ui="http://java.sun.com/jsf/facelets"
    xmlns:f="http://java.sun.com/jsf/core"
    xmlns:h="http://java.sun.com/jsf/html"
    xmlns:rich="http://richfaces.org/rich"
    template="../layout/template.xhtml">
    <ui:define name="body">
        <!-- Test page for the database-driven permission rule: each link is
             rendered only when s:hasPermission(target, action) is true for the
             logged-in user. The rendered attribute only hides markup; the
             action behind each link still needs its own permission check. -->
        <h:form id="usersSearch" styleClass="edit">
            <!-- shown with permission target=insertname, action=insert -->
            <s:fragment rendered="#{s:hasPermission('insertname', 'insert')}">
                <s:link value="insert" /><span> | </span>
            </s:fragment>
            <!-- shown with permission target=updatename, action=insert -->
            <s:fragment rendered="#{s:hasPermission('updatename', 'insert')}">
                <s:link value="update" /><span> | </span>
            </s:fragment>
            <!-- shown with permission target=updatename, action=update -->
            <s:fragment rendered="#{s:hasPermission('updatename', 'update')}">
                <s:link value="update2" /><span> | </span>
            </s:fragment>
        </h:form>
    </ui:define>
</ui:composition>