Download as
Browse Code »

Commit 586f311d2dc9ef9718bc337bb3ce2f2ec5912abf

Authored by PauloGladson
1 parent dc333641

Segurança

Showing 21 changed files with 1770 additions and 0 deletions   Show diff stats
core/src/main/java/org/demoiselle/jee/core/annotation/literal/NameQualifier.java 0 → 100644
  Diff comments   View file @586f311
... ... @@ -0,0 +1,70 @@
  1 +/*
  2 + * Demoiselle Framework
  3 + * Copyright (C) 2010 SERPRO
  4 + * ----------------------------------------------------------------------------
  5 + * This file is part of Demoiselle Framework.
  6 + *
  7 + * Demoiselle Framework is free software; you can redistribute it and/or
  8 + * modify it under the terms of the GNU Lesser General Public License version 3
  9 + * as published by the Free Software Foundation.
  10 + *
  11 + * This program is distributed in the hope that it will be useful,
  12 + * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14 + * GNU General Public License for more details.
  15 + *
  16 + * You should have received a copy of the GNU Lesser General Public License version 3
  17 + * along with this program; if not, see <http://www.gnu.org/licenses/>
  18 + * or write to the Free Software Foundation, Inc., 51 Franklin Street,
  19 + * Fifth Floor, Boston, MA 02110-1301, USA.
  20 + * ----------------------------------------------------------------------------
  21 + * Este arquivo é parte do Framework Demoiselle.
  22 + *
  23 + * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou
  24 + * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação
  25 + * do Software Livre (FSF).
  26 + *
  27 + * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA
  28 + * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou
  29 + * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português
  30 + * para maiores detalhes.
  31 + *
  32 + * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título
  33 + * "LICENCA.txt", junto com esse programa. Se não, acesse <http://www.gnu.org/licenses/>
  34 + * ou escreva para a Fundação do Software Livre (FSF) Inc.,
  35 + * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA.
  36 + */
  37 +package org.demoiselle.jee.core.annotation.literal;
  38 +
  39 +import org.demoiselle.jee.core.annotation.Name;
  40 +
  41 +import javax.enterprise.util.AnnotationLiteral;
  42 +
  43 +/**
  44 + * Annotation litteral that allows to create instances of the {@link Name} literal. The created instance can then be
  45 + * used to call {@link javax.enterprise.inject.spi.CDI#select(Class subtype, java.lang.annotation.Annotation... qualifiers)}
  46 + *
  47 + * @author SERPRO
  48 + * @see javax.enterprise.inject.spi.CDI
  49 + */
  50 +@SuppressWarnings("all")
  51 +public class NameQualifier extends AnnotationLiteral<Name> implements Name {
  52 +
  53 + private static final long serialVersionUID = 1L;
  54 +
  55 + private final String value;
  56 +
  57 + /**
  58 + * Constructor with string value of name literal.
  59 + *
  60 + * @param value value of name literal.
  61 + */
  62 + public NameQualifier(String value) {
  63 + this.value = value;
  64 + }
  65 +
  66 + @Override
  67 + public String value() {
  68 + return this.value;
  69 + }
  70 +}
... ...
core/src/main/java/org/demoiselle/jee/core/annotation/literal/NamedQualifier.java 0 → 100644
  Diff comments   View file @586f311
... ... @@ -0,0 +1,67 @@
  1 +/*
  2 + * Demoiselle Framework
  3 + * Copyright (C) 2010 SERPRO
  4 + * ----------------------------------------------------------------------------
  5 + * This file is part of Demoiselle Framework.
  6 + *
  7 + * Demoiselle Framework is free software; you can redistribute it and/or
  8 + * modify it under the terms of the GNU Lesser General Public License version 3
  9 + * as published by the Free Software Foundation.
  10 + *
  11 + * This program is distributed in the hope that it will be useful,
  12 + * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14 + * GNU General Public License for more details.
  15 + *
  16 + * You should have received a copy of the GNU Lesser General Public License version 3
  17 + * along with this program; if not, see <http://www.gnu.org/licenses/>
  18 + * or write to the Free Software Foundation, Inc., 51 Franklin Street,
  19 + * Fifth Floor, Boston, MA 02110-1301, USA.
  20 + * ----------------------------------------------------------------------------
  21 + * Este arquivo é parte do Framework Demoiselle.
  22 + *
  23 + * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou
  24 + * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação
  25 + * do Software Livre (FSF).
  26 + *
  27 + * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA
  28 + * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou
  29 + * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português
  30 + * para maiores detalhes.
  31 + *
  32 + * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título
  33 + * "LICENCA.txt", junto com esse programa. Se não, acesse <http://www.gnu.org/licenses/>
  34 + * ou escreva para a Fundação do Software Livre (FSF) Inc.,
  35 + * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA.
  36 + */
  37 +package org.demoiselle.jee.core.annotation.literal;
  38 +
  39 +import javax.enterprise.util.AnnotationLiteral;
  40 +import javax.inject.Named;
  41 +import java.lang.annotation.Annotation;
  42 +
  43 +/**
  44 + * Annotation litteral that allows to create instances of the {@link Named} literal.
  45 + * Those instances can then be used to call
  46 + * {@link javax.enterprise.inject.spi.CDI#select(Class subtype, Annotation... qualifiers)}
  47 + *
  48 + * @see javax.enterprise.inject.spi.CDI
  49 + * @see Named
  50 + *
  51 + * @author SERPRO
  52 + */
  53 +@SuppressWarnings("all")
  54 +public class NamedQualifier extends AnnotationLiteral<Named> implements Named {
  55 +
  56 + private static final long serialVersionUID = 6790759427086052113L;
  57 +
  58 + private String namedValue;
  59 +
  60 + public NamedQualifier(String value) {
  61 + namedValue = value;
  62 + }
  63 +
  64 + public String value() {
  65 + return namedValue;
  66 + }
  67 +}
... ...
core/src/main/java/org/demoiselle/jee/core/annotation/literal/StrategyQualifier.java 0 → 100644
  Diff comments   View file @586f311
... ... @@ -0,0 +1,53 @@
  1 +/*
  2 + * Demoiselle Framework
  3 + * Copyright (C) 2010 SERPRO
  4 + * ----------------------------------------------------------------------------
  5 + * This file is part of Demoiselle Framework.
  6 + *
  7 + * Demoiselle Framework is free software; you can redistribute it and/or
  8 + * modify it under the terms of the GNU Lesser General Public License version 3
  9 + * as published by the Free Software Foundation.
  10 + *
  11 + * This program is distributed in the hope that it will be useful,
  12 + * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14 + * GNU General Public License for more details.
  15 + *
  16 + * You should have received a copy of the GNU Lesser General Public License version 3
  17 + * along with this program; if not, see <http://www.gnu.org/licenses/>
  18 + * or write to the Free Software Foundation, Inc., 51 Franklin Street,
  19 + * Fifth Floor, Boston, MA 02110-1301, USA.
  20 + * ----------------------------------------------------------------------------
  21 + * Este arquivo é parte do Framework Demoiselle.
  22 + *
  23 + * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou
  24 + * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação
  25 + * do Software Livre (FSF).
  26 + *
  27 + * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA
  28 + * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou
  29 + * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português
  30 + * para maiores detalhes.
  31 + *
  32 + * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título
  33 + * "LICENCA.txt", junto com esse programa. Se não, acesse <http://www.gnu.org/licenses/>
  34 + * ou escreva para a Fundação do Software Livre (FSF) Inc.,
  35 + * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA.
  36 + */
  37 +package org.demoiselle.jee.core.annotation.literal;
  38 +
  39 +import org.demoiselle.jee.core.annotation.Strategy;
  40 +
  41 +import javax.enterprise.util.AnnotationLiteral;
  42 +
  43 +/**
  44 + * Annotation litteral that allows to create instances of the {@link Strategy} literal. The created instance can then be
  45 + * used to call {@link javax.enterprise.inject.spi.CDI#select(Class subtype, java.lang.annotation.Annotation... qualifiers)}.
  46 + *
  47 + * @see javax.enterprise.inject.spi.CDI
  48 + * @author SERPRO
  49 + */
  50 +@SuppressWarnings("all")
  51 +public class StrategyQualifier extends AnnotationLiteral<Strategy> implements Strategy {
  52 +
  53 +}
... ...
core/src/main/java/org/demoiselle/jee/core/annotation/literal/TypeQualifier.java 0 → 100644
  Diff comments   View file @586f311
... ... @@ -0,0 +1,71 @@
  1 +/*
  2 + * Demoiselle Framework
  3 + * Copyright (C) 2010 SERPRO
  4 + * ----------------------------------------------------------------------------
  5 + * This file is part of Demoiselle Framework.
  6 + *
  7 + * Demoiselle Framework is free software; you can redistribute it and/or
  8 + * modify it under the terms of the GNU Lesser General Public License version 3
  9 + * as published by the Free Software Foundation.
  10 + *
  11 + * This program is distributed in the hope that it will be useful,
  12 + * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14 + * GNU General Public License for more details.
  15 + *
  16 + * You should have received a copy of the GNU Lesser General Public License version 3
  17 + * along with this program; if not, see <http://www.gnu.org/licenses/>
  18 + * or write to the Free Software Foundation, Inc., 51 Franklin Street,
  19 + * Fifth Floor, Boston, MA 02110-1301, USA.
  20 + * ----------------------------------------------------------------------------
  21 + * Este arquivo é parte do Framework Demoiselle.
  22 + *
  23 + * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou
  24 + * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação
  25 + * do Software Livre (FSF).
  26 + *
  27 + * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA
  28 + * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou
  29 + * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português
  30 + * para maiores detalhes.
  31 + *
  32 + * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título
  33 + * "LICENCA.txt", junto com esse programa. Se não, acesse <http://www.gnu.org/licenses/>
  34 + * ou escreva para a Fundação do Software Livre (FSF) Inc.,
  35 + * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA.
  36 + */
  37 +package org.demoiselle.jee.core.annotation.literal;
  38 +
  39 +import org.demoiselle.jee.core.annotation.Type;
  40 +
  41 +import javax.enterprise.util.AnnotationLiteral;
  42 +
  43 +/**
  44 + * Annotation litteral that allows to create instances of the {@link Type}
  45 + * literal. The created instance can then be used to call
  46 + * {@link javax.enterprise.inject.spi.CDI#select(Class subtype, java.lang.annotation.Annotation... qualifiers)}.
  47 + *
  48 + * @see javax.enterprise.inject.spi.CDI
  49 + * @author SERPRO
  50 + */
  51 +@SuppressWarnings("all")
  52 +public class TypeQualifier extends AnnotationLiteral<Type> implements Type {
  53 +
  54 + private static final long serialVersionUID = 1L;
  55 +
  56 + private final Class<?> value;
  57 +
  58 + /**
  59 + * Constructor with string value of name literal.
  60 + *
  61 + * @param value value of name literal.
  62 + */
  63 + public TypeQualifier(Class<?> value) {
  64 + this.value = value;
  65 + }
  66 +
  67 + @Override
  68 + public Class<?> value() {
  69 + return this.value;
  70 + }
  71 +}
... ...
security/src/main/java/org/demoiselle/jee/security/AfterLoginSuccessful.java 0 → 100644
  Diff comments   View file @586f311
... ... @@ -0,0 +1,50 @@
  1 +/*
  2 + * Demoiselle Framework
  3 + * Copyright (C) 2010 SERPRO
  4 + * ----------------------------------------------------------------------------
  5 + * This file is part of Demoiselle Framework.
  6 + *
  7 + * Demoiselle Framework is free software; you can redistribute it and/or
  8 + * modify it under the terms of the GNU Lesser General Public License version 3
  9 + * as published by the Free Software Foundation.
  10 + *
  11 + * This program is distributed in the hope that it will be useful,
  12 + * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14 + * GNU General Public License for more details.
  15 + *
  16 + * You should have received a copy of the GNU Lesser General Public License version 3
  17 + * along with this program; if not, see <http://www.gnu.org/licenses/>
  18 + * or write to the Free Software Foundation, Inc., 51 Franklin Street,
  19 + * Fifth Floor, Boston, MA 02110-1301, USA.
  20 + * ----------------------------------------------------------------------------
  21 + * Este arquivo é parte do Framework Demoiselle.
  22 + *
  23 + * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou
  24 + * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação
  25 + * do Software Livre (FSF).
  26 + *
  27 + * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA
  28 + * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou
  29 + * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português
  30 + * para maiores detalhes.
  31 + *
  32 + * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título
  33 + * "LICENCA.txt", junto com esse programa. Se não, acesse <http://www.gnu.org/licenses/>
  34 + * ou escreva para a Fundação do Software Livre (FSF) Inc.,
  35 + * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA.
  36 + */
  37 +package org.demoiselle.jee.security;
  38 +
  39 +import java.io.Serializable;
  40 +
  41 +/**
  42 + * <p>
  43 + * This interface represents an event that is fired when user successfully logs in.
  44 + * </p>
  45 + *
  46 + * @author SERPRO
  47 + */
  48 +public interface AfterLoginSuccessful extends Serializable {
  49 +
  50 +}
... ...
security/src/main/java/org/demoiselle/jee/security/AfterLogoutSuccessful.java 0 → 100644
  Diff comments   View file @586f311
... ... @@ -0,0 +1,50 @@
  1 +/*
  2 + * Demoiselle Framework
  3 + * Copyright (C) 2010 SERPRO
  4 + * ----------------------------------------------------------------------------
  5 + * This file is part of Demoiselle Framework.
  6 + *
  7 + * Demoiselle Framework is free software; you can redistribute it and/or
  8 + * modify it under the terms of the GNU Lesser General Public License version 3
  9 + * as published by the Free Software Foundation.
  10 + *
  11 + * This program is distributed in the hope that it will be useful,
  12 + * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14 + * GNU General Public License for more details.
  15 + *
  16 + * You should have received a copy of the GNU Lesser General Public License version 3
  17 + * along with this program; if not, see <http://www.gnu.org/licenses/>
  18 + * or write to the Free Software Foundation, Inc., 51 Franklin Street,
  19 + * Fifth Floor, Boston, MA 02110-1301, USA.
  20 + * ----------------------------------------------------------------------------
  21 + * Este arquivo é parte do Framework Demoiselle.
  22 + *
  23 + * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou
  24 + * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação
  25 + * do Software Livre (FSF).
  26 + *
  27 + * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA
  28 + * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou
  29 + * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português
  30 + * para maiores detalhes.
  31 + *
  32 + * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título
  33 + * "LICENCA.txt", junto com esse programa. Se não, acesse <http://www.gnu.org/licenses/>
  34 + * ou escreva para a Fundação do Software Livre (FSF) Inc.,
  35 + * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA.
  36 + */
  37 +package org.demoiselle.jee.security;
  38 +
  39 +import java.io.Serializable;
  40 +
  41 +/**
  42 + * <p>
  43 + * This interface represents an event fired just after the user unauthenticates.
  44 + * </p>
  45 + *
  46 + * @author SERPRO
  47 + */
  48 +public interface AfterLogoutSuccessful extends Serializable {
  49 +
  50 +}
... ...
security/src/main/java/org/demoiselle/jee/security/Authenticator.java 0 → 100644
  Diff comments   View file @586f311
... ... @@ -0,0 +1,89 @@
  1 +/*
  2 + * Demoiselle Framework
  3 + * Copyright (C) 2010 SERPRO
  4 + * ----------------------------------------------------------------------------
  5 + * This file is part of Demoiselle Framework.
  6 + *
  7 + * Demoiselle Framework is free software; you can redistribute it and/or
  8 + * modify it under the terms of the GNU Lesser General Public License version 3
  9 + * as published by the Free Software Foundation.
  10 + *
  11 + * This program is distributed in the hope that it will be useful,
  12 + * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14 + * GNU General Public License for more details.
  15 + *
  16 + * You should have received a copy of the GNU Lesser General Public License version 3
  17 + * along with this program; if not, see <http://www.gnu.org/licenses/>
  18 + * or write to the Free Software Foundation, Inc., 51 Franklin Street,
  19 + * Fifth Floor, Boston, MA 02110-1301, USA.
  20 + * ----------------------------------------------------------------------------
  21 + * Este arquivo é parte do Framework Demoiselle.
  22 + *
  23 + * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou
  24 + * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação
  25 + * do Software Livre (FSF).
  26 + *
  27 + * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA
  28 + * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou
  29 + * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português
  30 + * para maiores detalhes.
  31 + *
  32 + * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título
  33 + * "LICENCA.txt", junto com esse programa. Se não, acesse <http://www.gnu.org/licenses/>
  34 + * ou escreva para a Fundação do Software Livre (FSF) Inc.,
  35 + * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA.
  36 + */
  37 +package org.demoiselle.jee.security;
  38 +
  39 +import java.io.Serializable;
  40 +import java.security.Principal;
  41 +
  42 +/**
  43 + * <p>
  44 + * Defines the methods that should be implemented by anyone who wants an authentication mechanism.
  45 + * </p>
  46 + *
  47 + * @author SERPRO
  48 + */
  49 +public interface Authenticator extends Serializable {
  50 +
  51 + /**
  52 + * <p>
  53 + * Executes the necessary steps to authenticate an user. After this call, {@link #getUser()} must return
  54 + * the currently authenticated user, or <code>null</code> if the authentication process fails.
  55 + * </p>
  56 + *
  57 + * @throws InvalidCredentialsException
  58 + * You should throw this exception when the informed credentials are invalid.
  59 + *
  60 + * @throws Exception
  61 + * If the underlying authentication mechanism throwns any other exception,
  62 + * just throw it and leave the security context implementation to handle it.
  63 + */
  64 + void authenticate() throws Exception;
  65 +
  66 + /**
  67 + * <p>
  68 + * Executes the necessary steps to unauthenticate an user. After this call, {@link #getUser()} must return <code>null</code>.
  69 + * </p>
  70 + *
  71 + * @throws Exception
  72 + * If the underlying authentication mechanism throwns any other exception,
  73 + * just throw it and leave the security context implementation to handle it.
  74 + */
  75 + void unauthenticate() throws Exception;
  76 +
  77 + /**
  78 + * <p>
  79 + * Returns the currently authenticated user.
  80 + * </p>
  81 + *
  82 + * @return the user currently authenticated, or <code>null</code> if there is no
  83 + * authenticated user.
  84 + *
  85 + * @see #authenticate()
  86 + * @see #unauthenticate()
  87 + */
  88 + Principal getUser();
  89 +}
... ...
security/src/main/java/org/demoiselle/jee/security/Authorizer.java 0 → 100644
  Diff comments   View file @586f311
... ... @@ -0,0 +1,75 @@
  1 +/*
  2 + * Demoiselle Framework
  3 + * Copyright (C) 2010 SERPRO
  4 + * ----------------------------------------------------------------------------
  5 + * This file is part of Demoiselle Framework.
  6 + *
  7 + * Demoiselle Framework is free software; you can redistribute it and/or
  8 + * modify it under the terms of the GNU Lesser General Public License version 3
  9 + * as published by the Free Software Foundation.
  10 + *
  11 + * This program is distributed in the hope that it will be useful,
  12 + * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14 + * GNU General Public License for more details.
  15 + *
  16 + * You should have received a copy of the GNU Lesser General Public License version 3
  17 + * along with this program; if not, see <http://www.gnu.org/licenses/>
  18 + * or write to the Free Software Foundation, Inc., 51 Franklin Street,
  19 + * Fifth Floor, Boston, MA 02110-1301, USA.
  20 + * ----------------------------------------------------------------------------
  21 + * Este arquivo é parte do Framework Demoiselle.
  22 + *
  23 + * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou
  24 + * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação
  25 + * do Software Livre (FSF).
  26 + *
  27 + * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA
  28 + * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou
  29 + * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português
  30 + * para maiores detalhes.
  31 + *
  32 + * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título
  33 + * "LICENCA.txt", junto com esse programa. Se não, acesse <http://www.gnu.org/licenses/>
  34 + * ou escreva para a Fundação do Software Livre (FSF) Inc.,
  35 + * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA.
  36 + */
  37 +package org.demoiselle.jee.security;
  38 +
  39 +import java.io.Serializable;
  40 +
  41 +/**
  42 + * <p>
  43 + * Defines the methods that should be implemented by anyone who wants an authorization mechanism.
  44 + * </p>
  45 + *
  46 + * @author SERPRO
  47 + */
  48 +public interface Authorizer extends Serializable {
  49 +
  50 + /**
  51 + * <p>
  52 + * Checks if the logged user has a specific role.
  53 + * </p>
  54 + *
  55 + * @param role role to be checked.
  56 + * @return {@code true} if the user has the role.
  57 + * @throws Exception if the underlying permission checking mechanism throwns any other exception,
  58 + * just throw it and leave the security context implementation to handle it.
  59 + */
  60 + boolean hasRole(String role) throws Exception;
  61 +
  62 + /**
  63 + * <p>
  64 + * Checks if the logged user has permission to execute a specific operation on a specific resource.
  65 + * </p>
  66 + *
  67 + * @param resource resource to be checked.
  68 + * @param operation operation to be checked.
  69 + * @return {@code true} if the user has the permission.
  70 + * @throws Exception if the underlying permission checking mechanism throwns any other exception,
  71 + * just throw it and leave the security context implementation to handle it.
  72 + */
  73 + boolean hasPermission(String resource, String operation) throws Exception;
  74 +
  75 +}
... ...
security/src/main/java/org/demoiselle/jee/security/LoggedIn.java 0 → 100644
  Diff comments   View file @586f311
... ... @@ -0,0 +1,62 @@
  1 +/*
  2 + * Demoiselle Framework
  3 + * Copyright (C) 2010 SERPRO
  4 + * ----------------------------------------------------------------------------
  5 + * This file is part of Demoiselle Framework.
  6 + *
  7 + * Demoiselle Framework is free software; you can redistribute it and/or
  8 + * modify it under the terms of the GNU Lesser General Public License version 3
  9 + * as published by the Free Software Foundation.
  10 + *
  11 + * This program is distributed in the hope that it will be useful,
  12 + * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14 + * GNU General Public License for more details.
  15 + *
  16 + * You should have received a copy of the GNU Lesser General Public License version 3
  17 + * along with this program; if not, see <http://www.gnu.org/licenses/>
  18 + * or write to the Free Software Foundation, Inc., 51 Franklin Street,
  19 + * Fifth Floor, Boston, MA 02110-1301, USA.
  20 + * ----------------------------------------------------------------------------
  21 + * Este arquivo é parte do Framework Demoiselle.
  22 + *
  23 + * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou
  24 + * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação
  25 + * do Software Livre (FSF).
  26 + *
  27 + * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA
  28 + * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou
  29 + * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português
  30 + * para maiores detalhes.
  31 + *
  32 + * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título
  33 + * "LICENCA.txt", junto com esse programa. Se não, acesse <http://www.gnu.org/licenses/>
  34 + * ou escreva para a Fundação do Software Livre (FSF) Inc.,
  35 + * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA.
  36 + */
  37 +
  38 +package org.demoiselle.jee.security;
  39 +
  40 +import javax.interceptor.InterceptorBinding;
  41 +import java.lang.annotation.Inherited;
  42 +import java.lang.annotation.Retention;
  43 +import java.lang.annotation.Target;
  44 +
  45 +import static java.lang.annotation.ElementType.METHOD;
  46 +import static java.lang.annotation.ElementType.TYPE;
  47 +import static java.lang.annotation.RetentionPolicy.RUNTIME;
  48 +
  49 +/**
  50 + * <p>
  51 + * Indicates that a specific permission is required in order to invocate the annotated method or class.
  52 + * </p>
  53 + *
  54 + * @author SERPRO
  55 + */
  56 +
  57 +@Inherited
  58 +@InterceptorBinding
  59 +@Target({ METHOD, TYPE })
  60 +@Retention(RUNTIME)
  61 +public @interface LoggedIn {
  62 +}
... ...
security/src/main/java/org/demoiselle/jee/security/RequiredPermission.java 0 → 100644
  Diff comments   View file @586f311
... ... @@ -0,0 +1,65 @@
  1 +/*
  2 + * Demoiselle Framework
  3 + * Copyright (C) 2010 SERPRO
  4 + * ----------------------------------------------------------------------------
  5 + * This file is part of Demoiselle Framework.
  6 + *
  7 + * Demoiselle Framework is free software; you can redistribute it and/or
  8 + * modify it under the terms of the GNU Lesser General Public License version 3
  9 + * as published by the Free Software Foundation.
  10 + *
  11 + * This program is distributed in the hope that it will be useful,
  12 + * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14 + * GNU General Public License for more details.
  15 + *
  16 + * You should have received a copy of the GNU Lesser General Public License version 3
  17 + * along with this program; if not, see <http://www.gnu.org/licenses/>
  18 + * or write to the Free Software Foundation, Inc., 51 Franklin Street,
  19 + * Fifth Floor, Boston, MA 02110-1301, USA.
  20 + * ----------------------------------------------------------------------------
  21 + * Este arquivo é parte do Framework Demoiselle.
  22 + *
  23 + * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou
  24 + * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação
  25 + * do Software Livre (FSF).
  26 + *
  27 + * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA
  28 + * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou
  29 + * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português
  30 + * para maiores detalhes.
  31 + *
  32 + * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título
  33 + * "LICENCA.txt", junto com esse programa. Se não, acesse <http://www.gnu.org/licenses/>
  34 + * ou escreva para a Fundação do Software Livre (FSF) Inc.,
  35 + * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA.
  36 + */
  37 +package org.demoiselle.jee.security;
  38 +
  39 +import javax.enterprise.util.Nonbinding;
  40 +import javax.interceptor.InterceptorBinding;
  41 +import java.lang.annotation.Inherited;
  42 +import java.lang.annotation.Retention;
  43 +import java.lang.annotation.Target;
  44 +
  45 +import static java.lang.annotation.ElementType.METHOD;
  46 +import static java.lang.annotation.ElementType.TYPE;
  47 +import static java.lang.annotation.RetentionPolicy.RUNTIME;
  48 +
  49 +/**
  50 + * Indicates that a specific permission is required in order to invocate the annotated method or class.
  51 + *
  52 + * @author SERPRO
  53 + */
  54 +@Inherited
  55 +@InterceptorBinding
  56 +@Target({ METHOD, TYPE })
  57 +@Retention(RUNTIME)
  58 +public @interface RequiredPermission {
  59 +
  60 + @Nonbinding
  61 + String resource() default "";
  62 +
  63 + @Nonbinding
  64 + String operation() default "";
  65 +}
... ...
security/src/main/java/org/demoiselle/jee/security/RequiredRole.java 0 → 100644
  Diff comments   View file @586f311
... ... @@ -0,0 +1,65 @@
  1 +/*
  2 + * Demoiselle Framework
  3 + * Copyright (C) 2010 SERPRO
  4 + * ----------------------------------------------------------------------------
  5 + * This file is part of Demoiselle Framework.
  6 + *
  7 + * Demoiselle Framework is free software; you can redistribute it and/or
  8 + * modify it under the terms of the GNU Lesser General Public License version 3
  9 + * as published by the Free Software Foundation.
  10 + *
  11 + * This program is distributed in the hope that it will be useful,
  12 + * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14 + * GNU General Public License for more details.
  15 + *
  16 + * You should have received a copy of the GNU Lesser General Public License version 3
  17 + * along with this program; if not, see <http://www.gnu.org/licenses/>
  18 + * or write to the Free Software Foundation, Inc., 51 Franklin Street,
  19 + * Fifth Floor, Boston, MA 02110-1301, USA.
  20 + * ----------------------------------------------------------------------------
  21 + * Este arquivo é parte do Framework Demoiselle.
  22 + *
  23 + * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou
  24 + * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação
  25 + * do Software Livre (FSF).
  26 + *
  27 + * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA
  28 + * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou
  29 + * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português
  30 + * para maiores detalhes.
  31 + *
  32 + * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título
  33 + * "LICENCA.txt", junto com esse programa. Se não, acesse <http://www.gnu.org/licenses/>
  34 + * ou escreva para a Fundação do Software Livre (FSF) Inc.,
  35 + * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA.
  36 + */
  37 +package org.demoiselle.jee.security;
  38 +
  39 +import javax.enterprise.util.Nonbinding;
  40 +import javax.interceptor.InterceptorBinding;
  41 +import java.lang.annotation.Inherited;
  42 +import java.lang.annotation.Retention;
  43 +import java.lang.annotation.Target;
  44 +
  45 +import static java.lang.annotation.ElementType.METHOD;
  46 +import static java.lang.annotation.ElementType.TYPE;
  47 +import static java.lang.annotation.RetentionPolicy.RUNTIME;
  48 +
  49 +/**
  50 + * <p>
  51 + * Indicates that the annotated method or class requires the user to have one or more roles associated in order to be
  52 + * invocated.
  53 + * </p>
  54 + *
  55 + * @author SERPRO
  56 + */
  57 +@Inherited
  58 +@InterceptorBinding
  59 +@Target({ METHOD, TYPE })
  60 +@Retention(RUNTIME)
  61 +public @interface RequiredRole {
  62 +
  63 + @Nonbinding
  64 + String[] value();
  65 +}
... ...
security/src/main/java/org/demoiselle/jee/security/SecurityContext.java 0 → 100644
  Diff comments   View file @586f311
... ... @@ -0,0 +1,119 @@
  1 +/*
  2 + * Demoiselle Framework
  3 + * Copyright (C) 2010 SERPRO
  4 + * ----------------------------------------------------------------------------
  5 + * This file is part of Demoiselle Framework.
  6 + *
  7 + * Demoiselle Framework is free software; you can redistribute it and/or
  8 + * modify it under the terms of the GNU Lesser General Public License version 3
  9 + * as published by the Free Software Foundation.
  10 + *
  11 + * This program is distributed in the hope that it will be useful,
  12 + * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14 + * GNU General Public License for more details.
  15 + *
  16 + * You should have received a copy of the GNU Lesser General Public License version 3
  17 + * along with this program; if not, see <http://www.gnu.org/licenses/>
  18 + * or write to the Free Software Foundation, Inc., 51 Franklin Street,
  19 + * Fifth Floor, Boston, MA 02110-1301, USA.
  20 + * ----------------------------------------------------------------------------
  21 + * Este arquivo é parte do Framework Demoiselle.
  22 + *
  23 + * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou
  24 + * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação
  25 + * do Software Livre (FSF).
  26 + *
  27 + * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA
  28 + * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou
  29 + * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português
  30 + * para maiores detalhes.
  31 + *
  32 + * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título
  33 + * "LICENCA.txt", junto com esse programa. Se não, acesse <http://www.gnu.org/licenses/>
  34 + * ou escreva para a Fundação do Software Livre (FSF) Inc.,
  35 + * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA.
  36 + */
  37 +package org.demoiselle.jee.security;
  38 +
  39 +import java.io.Serializable;
  40 +import java.security.Principal;
  41 +
  42 +/**
  43 + * <p>
  44 + * Structure used to handle both authentication and authorizations mechanisms.
  45 + * </p>
  46 + *
  47 + * @author SERPRO
  48 + */
  49 +public interface SecurityContext extends Serializable {
  50 +
  51 + /**
  52 + * Executes the login of a user to the application.
  53 + *
  54 + * @throws AuthenticationException
  55 + * When the logon process fails, this exception is thrown.
  56 + * @throws InvalidCredentialsException
  57 + * When the user's credentials coudn't be validated. InvalidCredentialsException is a special case of
  58 + * AuthenticationException.
  59 + */
  60 + void login();
  61 +
  62 + /**
  63 + * Executes the logout of a user.
  64 + *
  65 + * @throws AuthenticationException
  66 + * When the logout process fails, this exception is thrown.
  67 + */
  68 + void logout();
  69 +
  70 + /**
  71 + * Checks if a specific user is logged in.
  72 + *
  73 + * @return {@code true} if the user is logged in
  74 + */
  75 + boolean isLoggedIn();
  76 +
  77 + /**
  78 + * @throws NotLoggedInException
  79 + * if there is no user logged in a specific session
  80 + */
  81 + void checkLoggedIn();
  82 +
  83 + /**
  84 + * Checks if the logged user has permission to execute an specific operation on a specific resource.
  85 + *
  86 + * @param resource
  87 + * resource to be checked
  88 + * @param operation
  89 + * operation to be checked
  90 + * @return {@code true} if the user has the permission
  91 + * @throws AuthorizationException
  92 + * When the permission checking fails, this exception is thrown.
  93 + * @throws NotLoggedInException
  94 + * if there is no user logged in a specific session.
  95 + */
  96 + boolean hasPermission(String resource, String operation);
  97 +
  98 + /**
  99 + * Checks if the logged user has an specific role
  100 + *
  101 + * @param role
  102 + * role to be checked
  103 + * @return {@code true} if the user has the role
  104 + * @throws AuthorizationException
  105 + * When the permission checking fails, this exception is thrown.
  106 + * @throws NotLoggedInException
  107 + * if there is no user logged in a specific session.
  108 + */
  109 + boolean hasRole(String role);
  110 +
  111 + /**
  112 + * Return the user logged in the session.
  113 + *
  114 + * @return the user logged in a specific authenticated session. If there is no active session {@code null} is
  115 + * returned.
  116 + */
  117 + Principal getUser();
  118 +
  119 +}
... ...
security/src/main/java/org/demoiselle/jee/security/exception/AuthenticationException.java 0 → 100644
  Diff comments   View file @586f311
... ... @@ -0,0 +1,83 @@
  1 +/*
  2 + * Demoiselle Framework
  3 + * Copyright (C) 2010 SERPRO
  4 + * ----------------------------------------------------------------------------
  5 + * This file is part of Demoiselle Framework.
  6 + *
  7 + * Demoiselle Framework is free software; you can redistribute it and/or
  8 + * modify it under the terms of the GNU Lesser General Public License version 3
  9 + * as published by the Free Software Foundation.
  10 + *
  11 + * This program is distributed in the hope that it will be useful,
  12 + * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14 + * GNU General Public License for more details.
  15 + *
  16 + * You should have received a copy of the GNU Lesser General Public License version 3
  17 + * along with this program; if not, see <http://www.gnu.org/licenses/>
  18 + * or write to the Free Software Foundation, Inc., 51 Franklin Street,
  19 + * Fifth Floor, Boston, MA 02110-1301, USA.
  20 + * ----------------------------------------------------------------------------
  21 + * Este arquivo é parte do Framework Demoiselle.
  22 + *
  23 + * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou
  24 + * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação
  25 + * do Software Livre (FSF).
  26 + *
  27 + * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA
  28 + * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou
  29 + * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português
  30 + * para maiores detalhes.
  31 + *
  32 + * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título
  33 + * "LICENCA.txt", junto com esse programa. Se não, acesse <http://www.gnu.org/licenses/>
  34 + * ou escreva para a Fundação do Software Livre (FSF) Inc.,
  35 + * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA.
  36 + */
  37 +package org.demoiselle.jee.security.exception;
  38 +
  39 +/**
  40 + * <p>
  41 + * Thrown when the mecanism responsible for the entire authentication lifecycle fails.
  42 + * </p>
  43 + *
  44 + * @author SERPRO
  45 + */
  46 +public class AuthenticationException extends SecurityException {
  47 +
  48 + private static final long serialVersionUID = 1L;
  49 +
  50 + /**
  51 + * <p>
  52 + * Constructor with message.
  53 + * </p>
  54 + *
  55 + * @param message exception message
  56 + */
  57 + public AuthenticationException(String message) {
  58 + super(message);
  59 + }
  60 +
  61 + /**
  62 + * <p>
  63 + * Constructor with the cause.
  64 + * </p>
  65 + *
  66 + * @param cause exception cause
  67 + */
  68 + public AuthenticationException(Throwable cause) {
  69 + super(cause);
  70 + }
  71 +
  72 + /**
  73 + * <p>
  74 + * Constructor with message and cause.
  75 + * </p>
  76 + *
  77 + * @param message exception message
  78 + * @param cause exception cause
  79 + */
  80 + public AuthenticationException(String message, Throwable cause) {
  81 + super(message, cause);
  82 + }
  83 +}
... ...
security/src/main/java/org/demoiselle/jee/security/exception/AuthorizationException.java 0 → 100644
  Diff comments   View file @586f311
... ... @@ -0,0 +1,72 @@
  1 +/*
  2 + * Demoiselle Framework
  3 + * Copyright (C) 2010 SERPRO
  4 + * ----------------------------------------------------------------------------
  5 + * This file is part of Demoiselle Framework.
  6 + *
  7 + * Demoiselle Framework is free software; you can redistribute it and/or
  8 + * modify it under the terms of the GNU Lesser General Public License version 3
  9 + * as published by the Free Software Foundation.
  10 + *
  11 + * This program is distributed in the hope that it will be useful,
  12 + * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14 + * GNU General Public License for more details.
  15 + *
  16 + * You should have received a copy of the GNU Lesser General Public License version 3
  17 + * along with this program; if not, see <http://www.gnu.org/licenses/>
  18 + * or write to the Free Software Foundation, Inc., 51 Franklin Street,
  19 + * Fifth Floor, Boston, MA 02110-1301, USA.
  20 + * ----------------------------------------------------------------------------
  21 + * Este arquivo é parte do Framework Demoiselle.
  22 + *
  23 + * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou
  24 + * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação
  25 + * do Software Livre (FSF).
  26 + *
  27 + * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA
  28 + * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou
  29 + * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português
  30 + * para maiores detalhes.
  31 + *
  32 + * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título
  33 + * "LICENCA.txt", junto com esse programa. Se não, acesse <http://www.gnu.org/licenses/>
  34 + * ou escreva para a Fundação do Software Livre (FSF) Inc.,
  35 + * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA.
  36 + */
  37 +package org.demoiselle.jee.security.exception;
  38 +
  39 +/**
  40 + * <p>
  41 + * Thrown when a fail on trying to access some resource and/or execute an
  42 + * operation without the proper authorization.
  43 + * </p>
  44 + *
  45 + * @author SERPRO
  46 + */
  47 +public class AuthorizationException extends SecurityException {
  48 +
  49 + private static final long serialVersionUID = 1L;
  50 +
  51 + /**
  52 + * <p>
  53 + * Constructor with message.
  54 + * </p>
  55 + *
  56 + * @param message exception message
  57 + */
  58 + public AuthorizationException(String message) {
  59 + super(message);
  60 + }
  61 +
  62 + /**
  63 + * <p>
  64 + * Constructor with the cause.
  65 + * </p>
  66 + *
  67 + * @param cause exception cause
  68 + */
  69 + public AuthorizationException(Throwable cause) {
  70 + super(cause);
  71 + }
  72 +}
... ...
security/src/main/java/org/demoiselle/jee/security/exception/InvalidCredentialsException.java 0 → 100644
  Diff comments   View file @586f311
... ... @@ -0,0 +1,80 @@
  1 +/*
  2 + * Demoiselle Framework
  3 + * Copyright (C) 2010 SERPRO
  4 + * ----------------------------------------------------------------------------
  5 + * This file is part of Demoiselle Framework.
  6 + *
  7 + * Demoiselle Framework is free software; you can redistribute it and/or
  8 + * modify it under the terms of the GNU Lesser General Public License version 3
  9 + * as published by the Free Software Foundation.
  10 + *
  11 + * This program is distributed in the hope that it will be useful,
  12 + * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14 + * GNU General Public License for more details.
  15 + *
  16 + * You should have received a copy of the GNU Lesser General Public License version 3
  17 + * along with this program; if not, see <http://www.gnu.org/licenses/>
  18 + * or write to the Free Software Foundation, Inc., 51 Franklin Street,
  19 + * Fifth Floor, Boston, MA 02110-1301, USA.
  20 + * ----------------------------------------------------------------------------
  21 + * Este arquivo é parte do Framework Demoiselle.
  22 + *
  23 + * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou
  24 + * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação
  25 + * do Software Livre (FSF).
  26 + *
  27 + * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA
  28 + * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou
  29 + * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português
  30 + * para maiores detalhes.
  31 + *
  32 + * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título
  33 + * "LICENCA.txt", junto com esse programa. Se não, acesse <http://www.gnu.org/licenses/>
  34 + * ou escreva para a Fundação do Software Livre (FSF) Inc.,
  35 + * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA.
  36 + */
  37 +package org.demoiselle.jee.security.exception;
  38 +
  39 +import javax.enterprise.inject.spi.CDI;
  40 +import org.demoiselle.jee.core.annotation.literal.NameQualifier;
  41 +import org.demoiselle.jee.core.util.ResourceBundle;
  42 +
  43 +/**
  44 + * <p>
  45 + * Thrown when the user's credentials are invalid.
  46 + * </p>
  47 + *
  48 + * @author SERPRO
  49 + */
  50 +public class InvalidCredentialsException extends AuthenticationException {
  51 +
  52 + private static final long serialVersionUID = 1L;
  53 +
  54 + public InvalidCredentialsException() {
  55 + super(CDI.current().select(ResourceBundle.class, new NameQualifier("demoiselle-core-bundle")).get().getString("invalid-credentials"));
  56 + }
  57 +
  58 + /**
  59 + * <p>
  60 + * Constructs an <code>InvalidCredentialsException</code> with a message.
  61 + * </p>
  62 + *
  63 + * @param message exception message.
  64 + */
  65 + public InvalidCredentialsException(String message) {
  66 + super(message);
  67 + }
  68 +
  69 + /**
  70 + * <p>
  71 + * Constructor with message and cause.
  72 + * </p>
  73 + *
  74 + * @param message exception message.
  75 + * @param cause exception cause.
  76 + */
  77 + public InvalidCredentialsException(String message, Throwable cause) {
  78 + super(message, cause);
  79 + }
  80 +}
... ...
security/src/main/java/org/demoiselle/jee/security/exception/NotLoggedInException.java 0 → 100644
  Diff comments   View file @586f311
... ... @@ -0,0 +1,60 @@
  1 +/*
  2 + * Demoiselle Framework
  3 + * Copyright (C) 2010 SERPRO
  4 + * ----------------------------------------------------------------------------
  5 + * This file is part of Demoiselle Framework.
  6 + *
  7 + * Demoiselle Framework is free software; you can redistribute it and/or
  8 + * modify it under the terms of the GNU Lesser General Public License version 3
  9 + * as published by the Free Software Foundation.
  10 + *
  11 + * This program is distributed in the hope that it will be useful,
  12 + * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14 + * GNU General Public License for more details.
  15 + *
  16 + * You should have received a copy of the GNU Lesser General Public License version 3
  17 + * along with this program; if not, see <http://www.gnu.org/licenses/>
  18 + * or write to the Free Software Foundation, Inc., 51 Franklin Street,
  19 + * Fifth Floor, Boston, MA 02110-1301, USA.
  20 + * ----------------------------------------------------------------------------
  21 + * Este arquivo é parte do Framework Demoiselle.
  22 + *
  23 + * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou
  24 + * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação
  25 + * do Software Livre (FSF).
  26 + *
  27 + * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA
  28 + * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou
  29 + * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português
  30 + * para maiores detalhes.
  31 + *
  32 + * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título
  33 + * "LICENCA.txt", junto com esse programa. Se não, acesse <http://www.gnu.org/licenses/>
  34 + * ou escreva para a Fundação do Software Livre (FSF) Inc.,
  35 + * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA.
  36 + */
  37 +package org.demoiselle.jee.security.exception;
  38 +
  39 +/**
  40 + * <p>
  41 + * Thrown when trying to access some resource or execute an operation that requires authentication.
  42 + * </p>
  43 + *
  44 + * @author SERPRO
  45 + */
  46 +public class NotLoggedInException extends AuthenticationException {
  47 +
  48 + private static final long serialVersionUID = 1L;
  49 +
  50 + /**
  51 + * <p>
  52 + * Constructs an <code>NotLoggedInException</code> with a message.
  53 + * </p>
  54 + *
  55 + * @param message exception message
  56 + */
  57 + public NotLoggedInException(String message) {
  58 + super(message);
  59 + }
  60 +}
... ...
security/src/main/java/org/demoiselle/jee/security/exception/SecurityException.java 0 → 100644
  Diff comments   View file @586f311
... ... @@ -0,0 +1,79 @@
  1 +/*
  2 + * Demoiselle Framework
  3 + * Copyright (C) 2010 SERPRO
  4 + * ----------------------------------------------------------------------------
  5 + * This file is part of Demoiselle Framework.
  6 + *
  7 + * Demoiselle Framework is free software; you can redistribute it and/or
  8 + * modify it under the terms of the GNU Lesser General Public License version 3
  9 + * as published by the Free Software Foundation.
  10 + *
  11 + * This program is distributed in the hope that it will be useful,
  12 + * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14 + * GNU General Public License for more details.
  15 + *
  16 + * You should have received a copy of the GNU Lesser General Public License version 3
  17 + * along with this program; if not, see <http://www.gnu.org/licenses/>
  18 + * or write to the Free Software Foundation, Inc., 51 Franklin Street,
  19 + * Fifth Floor, Boston, MA 02110-1301, USA.
  20 + * ----------------------------------------------------------------------------
  21 + * Este arquivo é parte do Framework Demoiselle.
  22 + *
  23 + * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou
  24 + * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação
  25 + * do Software Livre (FSF).
  26 + *
  27 + * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA
  28 + * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou
  29 + * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português
  30 + * para maiores detalhes.
  31 + *
  32 + * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título
  33 + * "LICENCA.txt", junto com esse programa. Se não, acesse <http://www.gnu.org/licenses/>
  34 + * ou escreva para a Fundação do Software Livre (FSF) Inc.,
  35 + * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA.
  36 + */
  37 +package org.demoiselle.jee.security.exception;
  38 +
  39 +import org.demoiselle.jee.core.exception.DemoiselleException;
  40 +
  41 +/**
  42 + * <code>SecurityException</code> is the superclass of those exceptions that can
  43 + * be thrown due to any security related issue.
  44 + *
  45 + * @author SERPRO
  46 + */
  47 +public class SecurityException extends DemoiselleException {
  48 +
  49 + private static final long serialVersionUID = 1L;
  50 +
  51 + /**
  52 + * Constructs an <code>SecurityException</code> with the specified detail
  53 + * message.
  54 + *
  55 + * @param message the detail message.
  56 + */
  57 + SecurityException(String message) {
  58 + super(message);
  59 + }
  60 +
  61 + /**
  62 + * Constructor with the cause.
  63 + *
  64 + * @param cause exception cause
  65 + */
  66 + SecurityException(Throwable cause) {
  67 + super(cause);
  68 + }
  69 +
  70 + /**
  71 + * Constructor with message and cause.
  72 + *
  73 + * @param message exception message
  74 + * @param cause exception cause
  75 + */
  76 + SecurityException(String message, Throwable cause) {
  77 + super(message, cause);
  78 + }
  79 +}
... ...
security/src/main/java/org/demoiselle/jee/security/impl/SecurityContextImpl.java 0 → 100644
  Diff comments   View file @586f311
... ... @@ -0,0 +1,231 @@
  1 +package org.demoiselle.jee.security.impl;
  2 +
  3 +import javax.enterprise.context.Dependent;
  4 +import javax.enterprise.inject.spi.CDI;
  5 +import javax.inject.Named;
  6 +import java.io.Serializable;
  7 +import java.security.Principal;
  8 +import org.demoiselle.jee.core.annotation.literal.NameQualifier;
  9 +import org.demoiselle.jee.core.annotation.literal.StrategyQualifier;
  10 +import org.demoiselle.jee.core.exception.DemoiselleException;
  11 +import org.demoiselle.jee.core.util.ResourceBundle;
  12 +import org.demoiselle.jee.security.AfterLoginSuccessful;
  13 +import org.demoiselle.jee.security.AfterLogoutSuccessful;
  14 +import org.demoiselle.jee.security.Authenticator;
  15 +import org.demoiselle.jee.security.Authorizer;
  16 +import org.demoiselle.jee.security.SecurityContext;
  17 +import org.demoiselle.jee.security.exception.AuthenticationException;
  18 +import org.demoiselle.jee.security.exception.AuthorizationException;
  19 +import org.demoiselle.jee.security.exception.NotLoggedInException;
  20 +
  21 +/**
  22 + * <p>
  23 + * This is the default implementation of {@link SecurityContext} interface.
  24 + * </p>
  25 + *
  26 + * @author SERPRO
  27 + */
  28 +@Dependent
  29 +@Named("securityContext")
  30 +public class SecurityContextImpl implements SecurityContext {
  31 +
  32 + private static final long serialVersionUID = 1L;
  33 +
  34 + private transient ResourceBundle bundle;
  35 +
  36 + private Authenticator authenticator;
  37 +
  38 + private Authorizer authorizer;
  39 +
  40 + private Authenticator getAuthenticator() {
  41 + if (this.authenticator == null) {
  42 + Class<? extends Authenticator> type = getConfig().getAuthenticatorClass();
  43 +
  44 + if (type != null) {
  45 + this.authenticator = CDI.current().select(type).get(); //Beans.getReference(type);
  46 + } else {
  47 + this.authenticator = CDI.current().select(Authenticator.class, new StrategyQualifier()).get(); // Beans.getReference(Authenticator.class, new StrategyQualifier());
  48 + }
  49 + }
  50 +
  51 + return this.authenticator;
  52 + }
  53 +
  54 + private Authorizer getAuthorizer() {
  55 + if (this.authorizer == null) {
  56 + Class<? extends Authorizer> type = getConfig().getAuthorizerClass();
  57 +
  58 + if (type != null) {
  59 + this.authorizer = CDI.current().select(type).get(); //Beans.getReference(type);
  60 + } else {
  61 + this.authorizer = CDI.current().select(Authorizer.class, new StrategyQualifier()).get(); //Beans.getReference(Authorizer.class, new StrategyQualifier());
  62 + }
  63 + }
  64 +
  65 + return this.authorizer;
  66 + }
  67 +
  68 + /**
  69 + * @see org.demoiselle.security.SecurityContext#hasPermission(String,
  70 + * String)
  71 + */
  72 + @Override
  73 + public boolean hasPermission(String resource, String operation) {
  74 + boolean result = true;
  75 +
  76 + if (getConfig().isEnabled()) {
  77 + checkLoggedIn();
  78 +
  79 + try {
  80 + result = getAuthorizer().hasPermission(resource, operation);
  81 +
  82 + } catch (DemoiselleException cause) {
  83 + throw cause;
  84 +
  85 + } catch (Exception cause) {
  86 + throw new AuthorizationException(cause);
  87 + }
  88 + }
  89 +
  90 + return result;
  91 + }
  92 +
  93 + /**
  94 + * @see org.demoiselle.security.SecurityContext#hasRole(String)
  95 + */
  96 + @Override
  97 + public boolean hasRole(String role) {
  98 + boolean result = true;
  99 +
  100 + if (getConfig().isEnabled()) {
  101 + checkLoggedIn();
  102 +
  103 + try {
  104 + result = getAuthorizer().hasRole(role);
  105 +
  106 + } catch (DemoiselleException cause) {
  107 + throw cause;
  108 +
  109 + } catch (Exception cause) {
  110 + throw new AuthorizationException(cause);
  111 + }
  112 + }
  113 +
  114 + return result;
  115 + }
  116 +
  117 + /**
  118 + * @see org.demoiselle.security.SecurityContext#isLoggedIn()
  119 + */
  120 + @Override
  121 + public boolean isLoggedIn() {
  122 + boolean result = true;
  123 +
  124 + if (getConfig().isEnabled()) {
  125 + result = getUser() != null;
  126 + }
  127 +
  128 + return result;
  129 + }
  130 +
  131 + /**
  132 + * @see org.demoiselle.security.SecurityContext#login()
  133 + */
  134 + @Override
  135 + public void login() {
  136 + if (getConfig().isEnabled()) {
  137 +
  138 + try {
  139 + getAuthenticator().authenticate();
  140 +
  141 + } catch (DemoiselleException cause) {
  142 + throw cause;
  143 +
  144 + } catch (Exception cause) {
  145 + throw new AuthenticationException(cause);
  146 + }
  147 +
  148 + CDI.current().getBeanManager().fireEvent(new AfterLoginSuccessful() {
  149 +
  150 + private static final long serialVersionUID = 1L;
  151 + });
  152 +// Beans.getBeanManager().fireEvent(new AfterLoginSuccessful() {
  153 +//
  154 +// private static final long serialVersionUID = 1L;
  155 +// });
  156 + }
  157 + }
  158 +
  159 + /**
  160 + * @see org.demoiselle.security.SecurityContext#logout()
  161 + */
  162 + @Override
  163 + public void logout() throws NotLoggedInException {
  164 + if (getConfig().isEnabled()) {
  165 + checkLoggedIn();
  166 +
  167 + try {
  168 + getAuthenticator().unauthenticate();
  169 +
  170 + } catch (DemoiselleException cause) {
  171 + throw cause;
  172 +
  173 + } catch (Exception cause) {
  174 + throw new AuthenticationException(cause);
  175 + }
  176 +
  177 + CDI.current().getBeanManager().fireEvent(new AfterLogoutSuccessful() {
  178 +
  179 + private static final long serialVersionUID = 1L;
  180 + });
  181 +// Beans.getBeanManager().fireEvent(new AfterLogoutSuccessful() {
  182 +//
  183 +// private static final long serialVersionUID = 1L;
  184 +// });
  185 + }
  186 + }
  187 +
  188 + /**
  189 + * @see org.demoiselle.security.SecurityContext#getUser()
  190 + */
  191 + @Override
  192 + public Principal getUser() {
  193 + Principal user = getAuthenticator().getUser();
  194 +
  195 + if (!getConfig().isEnabled() && user == null) {
  196 + user = new EmptyUser();
  197 + }
  198 +
  199 + return user;
  200 + }
  201 +
  202 + private SecurityConfig getConfig() {
  203 + return CDI.current().select(SecurityConfig.class).get();
  204 +// return Beans.getReference(SecurityConfig.class);
  205 + }
  206 +
  207 + public void checkLoggedIn() throws NotLoggedInException {
  208 + if (!isLoggedIn()) {
  209 + throw new NotLoggedInException(getBundle().getString("user-not-authenticated"));
  210 + }
  211 + }
  212 +
  213 + private ResourceBundle getBundle() {
  214 + if (bundle == null) {
  215 + bundle = CDI.current().select(ResourceBundle.class, new NameQualifier("demoiselle-core-bundle")).get();
  216 +// bundle = Beans.getReference(ResourceBundle.class, new NameQualifier("demoiselle-core-bundle"));
  217 + }
  218 +
  219 + return bundle;
  220 + }
  221 +
  222 + private static class EmptyUser implements Principal, Serializable {
  223 +
  224 + private static final long serialVersionUID = 1L;
  225 +
  226 + @Override
  227 + public String getName() {
  228 + return "demoiselle";
  229 + }
  230 + }
  231 +}
... ...
security/src/main/java/org/demoiselle/jee/security/interceptor/LoggedInInterceptor.java 0 → 100644
  Diff comments   View file @586f311
... ... @@ -0,0 +1,72 @@
  1 +/*
  2 + * Demoiselle Framework
  3 + * Copyright (C) 2010 SERPRO
  4 + * ----------------------------------------------------------------------------
  5 + * This file is part of Demoiselle Framework.
  6 + *
  7 + * Demoiselle Framework is free software; you can redistribute it and/or
  8 + * modify it under the terms of the GNU Lesser General Public License version 3
  9 + * as published by the Free Software Foundation.
  10 + *
  11 + * This program is distributed in the hope that it will be useful,
  12 + * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14 + * GNU General Public License for more details.
  15 + *
  16 + * You should have received a copy of the GNU Lesser General Public License version 3
  17 + * along with this program; if not, see <http://www.gnu.org/licenses/>
  18 + * or write to the Free Software Foundation, Inc., 51 Franklin Street,
  19 + * Fifth Floor, Boston, MA 02110-1301, USA.
  20 + * ----------------------------------------------------------------------------
  21 + * Este arquivo é parte do Framework Demoiselle.
  22 + *
  23 + * O Framework Demoiselle é um software livre; você pode redistribuí-lo e/ou
  24 + * modificá-lo dentro dos termos da GNU LGPL versão 3 como publicada pela Fundação
  25 + * do Software Livre (FSF).
  26 + *
  27 + * Este programa é distribuído na esperança que possa ser útil, mas SEM NENHUMA
  28 + * GARANTIA; sem uma garantia implícita de ADEQUAÇÃO a qualquer MERCADO ou
  29 + * APLICAÇÃO EM PARTICULAR. Veja a Licença Pública Geral GNU/LGPL em português
  30 + * para maiores detalhes.
  31 + *
  32 + * Você deve ter recebido uma cópia da GNU LGPL versão 3, sob o título
  33 + * "LICENCA.txt", junto com esse programa. Se não, acesse <http://www.gnu.org/licenses/>
  34 + * ou escreva para a Fundação do Software Livre (FSF) Inc.,
  35 + * 51 Franklin St, Fifth Floor, Boston, MA 02111-1301, USA.
  36 + */
  37 +
  38 +package org.demoiselle.jee.security.interceptor;
  39 +
  40 +import javax.annotation.Priority;
  41 +import javax.inject.Inject;
  42 +import javax.interceptor.AroundInvoke;
  43 +import javax.interceptor.Interceptor;
  44 +import javax.interceptor.InvocationContext;
  45 +import java.io.Serializable;
  46 +import org.demoiselle.jee.security.LoggedIn;
  47 +import org.demoiselle.jee.security.SecurityContext;
  48 +
  49 +/**
  50 + * <p>
  51 + *Intercepts calls with {@link LoggedIn} annotations.
  52 + * </p>
  53 + *
  54 + * @author SERPRO
  55 + */
  56 +
  57 +@LoggedIn
  58 +@Interceptor
  59 +@Priority(Interceptor.Priority.APPLICATION)
  60 +public class LoggedInInterceptor implements Serializable{
  61 +
  62 + private static final long serialVersionUID = 1L;
  63 +
  64 + @Inject
  65 + private SecurityContext securityContext;
  66 +
  67 + @AroundInvoke
  68 + public Object manage(final InvocationContext ic) throws Exception {
  69 + securityContext.checkLoggedIn();
  70 + return ic.proceed();
  71 + }
  72 +}
... ...
security/src/main/java/org/demoiselle/jee/security/interceptor/RequiredPermissionInterceptor.java 0 → 100644
  Diff comments   View file @586f311
... ... @@ -0,0 +1,145 @@
  1 +package org.demoiselle.jee.security.interceptor;
  2 +
  3 +import org.demoiselle.jee.security.exception.AuthorizationException;
  4 +
  5 +import javax.annotation.Priority;
  6 +import javax.enterprise.inject.spi.CDI;
  7 +import javax.interceptor.AroundInvoke;
  8 +import javax.interceptor.Interceptor;
  9 +import javax.interceptor.InvocationContext;
  10 +import java.io.Serializable;
  11 +import java.util.logging.Logger;
  12 +import javax.inject.Inject;
  13 +import static javax.sql.rowset.spi.SyncFactory.getLogger;
  14 +import org.demoiselle.jee.core.annotation.Name;
  15 +import org.demoiselle.jee.core.util.ResourceBundle;
  16 +import org.demoiselle.jee.core.util.Strings;
  17 +import org.demoiselle.jee.security.RequiredPermission;
  18 +import org.demoiselle.jee.security.SecurityContext;
  19 +
  20 +/**
  21 + * <p>
  22 + * Intercepts calls with {@code @RequiredPermission} annotation.
  23 + * </p>
  24 + *
  25 + * @author SERPRO
  26 + */
  27 +@RequiredPermission
  28 +@Interceptor
  29 +@Priority(Interceptor.Priority.APPLICATION)
  30 +public class RequiredPermissionInterceptor implements Serializable {
  31 +
  32 + private static final long serialVersionUID = 1L;
  33 +
  34 + @Inject
  35 + private ResourceBundle bundle;
  36 +
  37 + @Inject
  38 + private Logger logger;
  39 +
  40 + /**
  41 + * <p>
  42 + * Gets the values for both resource and operation properties of
  43 + * {@code @RequiredPermission}. Delegates to {@code SecurityContext} check
  44 + * permissions. If the user has the required permission it executes the
  45 + * mehtod, otherwise throws an exception. Returns what is returned from the
  46 + * intercepted method. If the method's return type is {@code void} returns
  47 + * {@code null}.
  48 + * </p>
  49 + *
  50 + * @param ic the {@code InvocationContext} in which the method is being
  51 + * called.
  52 + * @return what is returned from the intercepted method. If the method's
  53 + * return type is {@code void} returns {@code null}.
  54 + * @throws Exception if there is an error during the permission check or
  55 + * during the method's processing.
  56 + */
  57 + @AroundInvoke
  58 + public Object manage(final InvocationContext ic) throws Exception {
  59 + String resource = getResource(ic);
  60 + String operation = getOperation(ic);
  61 + String username = null;
  62 +
  63 + if (getSecurityContext().isLoggedIn()) {
  64 + username = getSecurityContext().getUser().getName();
  65 + getLogger().finest(bundle.getString("access-checking", username, operation, resource));
  66 + }
  67 +
  68 + if (!getSecurityContext().hasPermission(resource, operation)) {
  69 + getLogger().severe(bundle.getString("access-denied", username, operation, resource));
  70 + throw new AuthorizationException(bundle.getString("access-denied-ui", resource, operation));
  71 + }
  72 +
  73 + getLogger().fine(bundle.getString("access-allowed", username, operation, resource));
  74 + return ic.proceed();
  75 + }
  76 +
  77 + /**
  78 + * <p>
  79 + * Returns the resource defined in {@code @RequiredPermission} annotation,
  80 + * the name defined in {@code @AmbiguousQualifier} annotation or the class
  81 + * name itself.
  82 + * </p>
  83 + *
  84 + * @param ic the {@code InvocationContext} in which the method is being
  85 + * called.
  86 + * @return the resource defined in {@code @RequiredPermission} annotation,
  87 + * the name defined in {@code @AmbiguousQualifier} annotation or the class
  88 + * name itself.
  89 + */
  90 + private String getResource(InvocationContext ic) {
  91 + RequiredPermission requiredPermission;
  92 + requiredPermission = ic.getMethod().getAnnotation(RequiredPermission.class);
  93 +
  94 + if (requiredPermission == null) {
  95 + requiredPermission = ic.getTarget().getClass().getAnnotation(RequiredPermission.class);
  96 + }
  97 +
  98 + if (Strings.isEmpty(requiredPermission.resource())) {
  99 + if (ic.getTarget().getClass().getAnnotation(Name.class) == null) {
  100 + return ic.getTarget().getClass().getSimpleName();
  101 + } else {
  102 + return ic.getTarget().getClass().getAnnotation(Name.class).value();
  103 + }
  104 + } else {
  105 + return requiredPermission.resource();
  106 + }
  107 + }
  108 +
  109 + /**
  110 + * <p>
  111 + * Returns the operation defined in {@code @RequiredPermission} annotation,
  112 + * the name defined in {@code @AmbiguousQualifier} annotation or the
  113 + * method's name itself.
  114 + * </p>
  115 + *
  116 + * @param ic the {@code InvocationContext} in which the method is being
  117 + * called.
  118 + * @return the operation defined in {@code @RequiredPermission} annotation,
  119 + * the name defined in {@code @AmbiguousQualifier} annotation or the
  120 + * method's name itself.
  121 + */
  122 + private String getOperation(InvocationContext ic) {
  123 + RequiredPermission requiredPermission;
  124 + requiredPermission = ic.getMethod().getAnnotation(RequiredPermission.class);
  125 +
  126 + if (requiredPermission == null) {
  127 + requiredPermission = ic.getTarget().getClass().getAnnotation(RequiredPermission.class);
  128 + }
  129 +
  130 + if (Strings.isEmpty(requiredPermission.operation())) {
  131 + if (ic.getMethod().getAnnotation(Name.class) == null) {
  132 + return ic.getMethod().getName();
  133 + } else {
  134 + return ic.getMethod().getAnnotation(Name.class).value();
  135 + }
  136 + } else {
  137 + return requiredPermission.operation();
  138 + }
  139 + }
  140 +
  141 + private SecurityContext getSecurityContext() {
  142 + return CDI.current().select(SecurityContext.class).get();
  143 +// return Beans.getReference(SecurityContext.class);
  144 + }
  145 +}
... ...
security/src/main/java/org/demoiselle/jee/security/interceptor/RequiredRoleInterceptor.java 0 → 100644
  Diff comments   View file @586f311
... ... @@ -0,0 +1,112 @@
  1 +package org.demoiselle.jee.security.interceptor;
  2 +
  3 +import org.demoiselle.jee.security.exception.AuthorizationException;
  4 +
  5 +import javax.annotation.Priority;
  6 +import javax.enterprise.inject.spi.CDI;
  7 +import javax.interceptor.AroundInvoke;
  8 +import javax.interceptor.Interceptor;
  9 +import javax.interceptor.InvocationContext;
  10 +import java.io.Serializable;
  11 +import java.util.ArrayList;
  12 +import java.util.Arrays;
  13 +import java.util.List;
  14 +
  15 +import java.util.logging.Logger;
  16 +import javax.inject.Inject;
  17 +import org.demoiselle.jee.core.util.ResourceBundle;
  18 +import org.demoiselle.jee.security.RequiredRole;
  19 +import org.demoiselle.jee.security.SecurityContext;
  20 +
  21 +/**
  22 + * <p>
  23 + * Intercepts calls with {@code @RequiredRole} annotations.
  24 + * </p>
  25 + *
  26 + * @author SERPRO
  27 + */
  28 +@RequiredRole(value = "")
  29 +@Interceptor
  30 +@Priority(Interceptor.Priority.APPLICATION)
  31 +public class RequiredRoleInterceptor implements Serializable {
  32 +
  33 + private static final long serialVersionUID = 1L;
  34 +
  35 + @Inject
  36 + private ResourceBundle bundle;
  37 +
  38 + @Inject
  39 + private Logger logger;
  40 +
  41 + /**
  42 + * <p>
  43 + * Gets the value property of {@code @RequiredRole}. Delegates to
  44 + * {@code SecurityContext} check role. If the user has the required role it
  45 + * executes the mehtod, otherwise throws an exception. Returns what is
  46 + * returned from the intercepted method. If the method's return type is
  47 + * {@code void} returns {@code null}.
  48 + * </p>
  49 + *
  50 + * @param ic the {@code InvocationContext} in which the method is being
  51 + * called.
  52 + * @return what is returned from the intercepted method. If the method's
  53 + * return type is {@code void} returns {@code null}.
  54 + * @throws Exception if there is an error during the role check or during
  55 + * the method's processing.
  56 + */
  57 + @AroundInvoke
  58 + public Object manage(final InvocationContext ic) throws Exception {
  59 + List<String> roles = getRoles(ic);
  60 +
  61 + if (getSecurityContext().isLoggedIn()) {
  62 + logger.info(
  63 + bundle.getString("has-role-verification", getSecurityContext().getUser().getName(), roles));
  64 + }
  65 +
  66 + List<String> userRoles = new ArrayList<String>();
  67 +
  68 + for (String role : roles) {
  69 + if (getSecurityContext().hasRole(role)) {
  70 + userRoles.add(role);
  71 + }
  72 + }
  73 +
  74 + if (userRoles.isEmpty()) {
  75 + logger.severe(
  76 + bundle.getString("does-not-have-role", getSecurityContext().getUser().getName(), roles));
  77 +
  78 + throw new AuthorizationException(bundle.getString("does-not-have-role-ui", roles));
  79 + }
  80 +
  81 + logger.fine(bundle.getString("user-has-role", getSecurityContext().getUser().getName(), userRoles));
  82 +
  83 + return ic.proceed();
  84 + }
  85 +
  86 + /**
  87 + * <p>
  88 + * Returns the value defined in {@code @RequiredRole} annotation.
  89 + * </p>
  90 + *
  91 + * @param ic the {@code InvocationContext} in which the method is being
  92 + * called.
  93 + * @return the value defined in {@code @RequiredRole} annotation.
  94 + */
  95 + private List<String> getRoles(InvocationContext ic) {
  96 + String[] roles = {};
  97 +
  98 + if (ic.getMethod().getAnnotation(RequiredRole.class) == null) {
  99 + roles = ic.getTarget().getClass().getAnnotation(RequiredRole.class).value();
  100 + } else {
  101 + roles = ic.getMethod().getAnnotation(RequiredRole.class).value();
  102 + }
  103 +
  104 + return Arrays.asList(roles);
  105 + }
  106 +
  107 + private SecurityContext getSecurityContext() {
  108 + return CDI.current().select(SecurityContext.class).get();
  109 +// return Beans.getReference(SecurityContext.class);
  110 + }
  111 +
  112 +}
... ...