声明:这里讲的是通过数据库手工设置权限的部分,要和“基于规则的权限验证”区分开来!!
步骤:
(1) 在登录的时候从数据库的permission表中把权限部分拿出来,然后塞到WorkingMemory中。
(2) 创建好permission实体和GrantedPermission类。
(3) 在security.drl配置文件中进行判断是否有权限。
(4) 在UsersList.xhtml页面中,进行测试。
代码如下:
(1) AuthenticatorAction.java
package cn.ctit.cms.session;
import static org.jboss.seam.ScopeType.SESSION;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.List;
import javax.ejb.Stateless;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import org.drools.WorkingMemory;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Observer;
import org.jboss.seam.annotations.Out;
import org.jboss.seam.faces.FacesMessages;
import org.jboss.seam.security.Credentials;
import org.jboss.seam.security.Identity;
import org.jboss.seam.security.permission.RuleBasedPermissionResolver;
import sun.misc.BASE64Encoder;
import cn.ctit.cms.entity.Users;
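/**
 * Seam authenticator that checks the submitted credentials against the
 * {@code Users} table and, after a successful login, loads the user's role and
 * database-defined permissions into the rule-based permission resolver.
 *
 * <p>Permissions are copied into the working memory once, when the
 * {@code loginSuccessful} event fires. Rows changed in the permission table
 * afterwards are not seen by this session until the user logs in again.
 */
@Stateless
@Name("authenticator")
public class AuthenticatorAction implements Authenticator
{
    @In Identity identity;
    @In Credentials credentials;
    @In
    RuleBasedPermissionResolver ruleBasedPermissionResolver;
    @PersistenceContext
    private EntityManager em;
    // Outjected to the session scope after authenticate(); only ever set to an
    // account that passed both the credential check and the "enabled" check.
    @Out(required=false, scope = SESSION)
    private Users user2;
    private short rolecount;

    /**
     * Adds the authenticated user's role to the identity and inserts one
     * {@link GrantedPermission} fact per permission row into the security
     * working memory.
     *
     * <p>The rule in security.drl matches {@code GrantedPermission} facts, so the
     * JPA {@code Permission} entities are converted before insertion; inserting
     * the entities themselves would never satisfy the rule.
     */
    @SuppressWarnings("unchecked")
    @Observer("org.jboss.seam.security.loginSuccessful")
    public void addrolepermission(){
        // NOTE(review): this bean is @Stateless, so the instance that receives the
        // event may not be the one that ran authenticate() - confirm user2 is
        // populated here. Fail closed (no role, no permissions) when it is not.
        if (user2 == null) {
            return;
        }
        identity.addRole(String.valueOf(user2.getRole()));
        WorkingMemory wm = ruleBasedPermissionResolver.getSecurityContext();
        for (cn.ctit.cms.entity.Permission p : user2.getPermissionList()) {
            wm.insert(new GrantedPermission(p.getTarget(), p.getAction()));
        }
    }

    /**
     * Verifies the submitted username and password.
     *
     * @return {@code true} only when a matching, enabled account exists;
     *         {@code false} on bad credentials, a disabled account, or any
     *         exception raised during the lookup
     */
    @SuppressWarnings("unchecked")
    public boolean authenticate()
    {
        try{
            // NOTE(review): EncoderByMd5 is not part of this listing; its name and the
            // MessageDigest import suggest an unsalted MD5 digest - confirm. MD5 is not
            // suitable for password storage; plan a migration to a salted, slow KDF
            // (bcrypt, scrypt, Argon2 or PBKDF2) with re-hashing on the next login.
            List results = em.createQuery("select u from Users u where u.username=:usern and u.password=:pass")
                    .setParameter("usern", credentials.getUsername())
                    .setParameter("pass", EncoderByMd5(credentials.getPassword()))
                    .getResultList();
            if (results.isEmpty()) {
                // Same message for unknown user and wrong password, so the form does
                // not reveal which usernames exist.
                FacesMessages.instance().addToControl("wrongmessage", "user name or password is not available !");
                return false;
            }
            Users candidate = (Users) results.get(0);
            if (!Boolean.TRUE.equals(candidate.getEnable())) {
                // user2 is deliberately left untouched: a disabled account must not
                // be outjected to the session scope.
                FacesMessages.instance().addToControl("wrongmessage", "user is inactive !");
                return false;
            }
            user2 = candidate;
            return true;
        }catch (Exception ex){
            // Any failure during lookup denies the login. The stack trace goes to
            // stderr only; route it to the application log where one is available.
            ex.printStackTrace();
            return false;
        }
    }
}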
(2)Permission.java
package cn.ctit.cms.entity;
// Generated Feb 3, 2009 4:08:09 AM by Hibernate Tools 3.2.2.GA
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import static javax.persistence.GenerationType.IDENTITY;
import javax.persistence.FetchType;
import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.ManyToOne;
import javax.persistence.Table;
import org.hibernate.validator.Length;
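/**
 * JPA entity for one row of the {@code permission} table: a (target, action)
 * pair granted to a single user.
 */
@Entity
@Table(name = "permission", catalog = "cms")
public class Permission implements java.io.Serializable {
    private Long id;
    private String target;
    private String action;
    private Users users;

    /** No-argument constructor required by the persistence provider. */
    public Permission() {
    }

    /**
     * @param target name of the protected resource
     * @param action operation allowed on the target
     * @param users  owner of this permission row
     */
    public Permission(String target, String action, Users users) {
        this.target = target;
        this.action = action;
        this.users = users;
    }

    @Id
    @GeneratedValue(strategy = IDENTITY)
    @Column(name = "id", unique = true, nullable = false)
    public Long getId() {
        return this.id;
    }

    public void setId(Long id) {
        this.id = id;
    }

    @Column(name = "target", length = 20)
    @Length(max = 20)
    public String getTarget() {
        return this.target;
    }

    public void setTarget(String target) {
        this.target = target;
    }

    @Column(name = "action", length = 20)
    @Length(max = 20)
    public String getAction() {
        return this.action;
    }

    /**
     * Sets the action.
     *
     * <p>The parameter must be named {@code action}: with any other name the
     * assignment below becomes a self-assignment of the field, the value is
     * dropped, and every permission loaded through this setter ends up with a
     * {@code null} action that no permission check can match.
     */
    public void setAction(String action) {
        this.action = action;
    }

    // Lazy association: the owning user is only fetched when it is accessed.
    @ManyToOne(fetch = FetchType.LAZY)
    @JoinColumn(name = "user_id")
    public Users getUsers() {
        return this.users;
    }

    public void setUsers(Users users) {
        this.users = users;
    }
}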
(3)GrantedPermission.java
package cn.ctit.cms.session;
import java.io.Serializable;
/**
 * Plain serializable fact describing one granted (target, action) pair.
 * Instances are meant to be inserted into the security working memory, where
 * the permission rules compare them with the pending permission check.
 */
public class GrantedPermission implements Serializable
{
    private static final long serialVersionUID = -1868188969326866331L;

    /** Name of the protected resource. */
    private String target;

    /** Operation allowed on the target. */
    private String action;

    /** Creates an empty fact; both fields start out as {@code null}. */
    public GrantedPermission()
    {
    }

    /**
     * Creates a fact for the given pair.
     *
     * @param target name of the protected resource
     * @param action operation allowed on the target
     */
    public GrantedPermission(final String target, final String action)
    {
        this.target = target;
        this.action = action;
    }

    /** @return the protected resource name, possibly {@code null} */
    public String getTarget()
    {
        return this.target;
    }

    /** @return the allowed operation, possibly {@code null} */
    public String getAction()
    {
        return this.action;
    }

    /** @param target new protected resource name */
    public void setTarget(final String target)
    {
        this.target = target;
    }

    /** @param action new allowed operation */
    public void setAction(final String action)
    {
        this.action = action;
    }
}
(4)security.drl
package Permissions;
import java.security.Principal;
import org.jboss.seam.security.permission.PermissionCheck;
import org.jboss.seam.security.Role;
import cn.ctit.cms.session.GrantedPermission;
// Grants a pending permission check when the working memory holds a
// GrantedPermission fact whose target and action both equal those of the check.
// Only facts of type GrantedPermission match the pattern below; the JPA
// Permission entity is a different class and has to be converted to
// GrantedPermission before it is inserted, otherwise this rule never fires.
rule GrantDynamicPermission
no-loop
activation-group "permissions"
salience -10
when
// The check has not been granted by another rule yet.
check: PermissionCheck(granted == false)
// Both fields must match exactly (String.equals, case-sensitive).
GrantedPermission(t:target -> (t.equals(check.getTarget())),a:action -> (a.equals(check.getAction())) )
then
// Debug output only: it prints on every grant and does not say which user,
// target or action was involved.
System.out.println("Permission granted !!");
check.grant();
end
(5)UsersList.xhtml
<!DOCTYPE composition PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--
  Test page for the database-driven permissions. Each s:fragment is rendered
  only when s:hasPermission(target, action) is true for the current user.
  The second fragment pairs target 'updatename' with action 'insert', so it
  stays hidden unless that exact pair has been granted.

  The rendered attribute only hides a link. It does not protect the page or
  action behind the link, which can still be requested directly. Enforce the
  same permission on the server side as well, for example with @Restrict on
  the component method or a restrict element in pages.xml.
-->
<ui:composition xmlns="http://www.w3.org/1999/xhtml"
xmlns:s="http://jboss.com/products/seam/taglib"
xmlns:ui="http://java.sun.com/jsf/facelets"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:rich="http://richfaces.org/rich"
template="../layout/template.xhtml">
<ui:define name="body">
<h:form id="usersSearch" styleClass="edit">
<s:fragment rendered="#{s:hasPermission('insertname', 'insert')}">
<s:link value="insert" /><span> | </span>
</s:fragment>
<s:fragment rendered="#{s:hasPermission('updatename', 'insert')}">
<s:link value="update" /><span> | </span>
</s:fragment>
<s:fragment rendered="#{s:hasPermission('updatename', 'update')}">
<s:link value="update2" /><span> | </span>
</s:fragment>
</h:form>
</ui:define>
</ui:composition>