diff --git a/demoiselle-core/src/main/java/org/demoiselle/jee/core/interfaces/security/SecurityContext.java b/demoiselle-core/src/main/java/org/demoiselle/jee/core/interfaces/security/SecurityContext.java index d29788e..0152707 100644 --- a/demoiselle-core/src/main/java/org/demoiselle/jee/core/interfaces/security/SecurityContext.java +++ b/demoiselle-core/src/main/java/org/demoiselle/jee/core/interfaces/security/SecurityContext.java @@ -28,12 +28,6 @@ public interface SecurityContext extends Serializable { boolean isLoggedIn(); /** - * @throws NotLoggedInException if there is no user logged in a specific - * session - */ - void checkLoggedIn(); - - /** * Checks if the logged user has permission to execute an specific operation * on a specific resource. * @@ -69,5 +63,5 @@ public interface SecurityContext extends Serializable { DemoisellePrincipal getUser(); void setUser(DemoisellePrincipal loggedUser); - + } diff --git a/demoiselle-core/src/main/java/org/demoiselle/jee/core/internal/producer/ResourceBundleProducer.java b/demoiselle-core/src/main/java/org/demoiselle/jee/core/internal/producer/ResourceBundleProducer.java index 39974d2..35574a8 100644 --- a/demoiselle-core/src/main/java/org/demoiselle/jee/core/internal/producer/ResourceBundleProducer.java +++ b/demoiselle-core/src/main/java/org/demoiselle/jee/core/internal/producer/ResourceBundleProducer.java @@ -56,8 +56,8 @@ public class ResourceBundleProducer implements Serializable { return create(baseName); } - @SuppressWarnings("serial") - public static ResourceBundle create(String baseName) { + @SuppressWarnings("serial") + public static ResourceBundle create(String baseName) { ResourceBundle bundle; try { diff --git a/demoiselle-parent/pom.xml b/demoiselle-parent/pom.xml index 11b5b14..6be92ad 100644 --- a/demoiselle-parent/pom.xml +++ b/demoiselle-parent/pom.xml 
@@ -3,6 +3,7 @@ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> demoiselle-parent + 3.0.0-BETA1-SNAPSHOT pom 4.0.0 @@ -16,6 +17,7 @@ + 3.0.0-BETA1-SNAPSHOT UTF-8 @@ -37,6 +39,8 @@ 1.7.1 3.2 1.0.0 + + 2016.8 3.5.1 @@ -171,29 +175,29 @@ org.demoiselle.jee demoiselle-core - ${project.version} + ${version} org.demoiselle.jee demoiselle-security - ${project.version} + ${demoiselle.version} org.demoiselle.jee demoiselle-rest - ${project.version} + ${demoiselle.version} org.demoiselle.jee demoiselle-persistence-jpa - ${project.version} + ${demoiselle.version} - + diff --git a/demoiselle-rest/src/main/java/org/demoiselle/jee/ws/jaxrs/JaxRsFilter.java b/demoiselle-rest/src/main/java/org/demoiselle/jee/ws/jaxrs/JaxRsFilter.java deleted file mode 100644 index 12a1908..0000000 --- a/demoiselle-rest/src/main/java/org/demoiselle/jee/ws/jaxrs/JaxRsFilter.java +++ /dev/null 
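Review bot: In the last hunk of demoiselle-parent/pom.xml, the managed `demoiselle-core` entry is switched to `${version}` while `demoiselle-security`, `demoiselle-rest` and `demoiselle-persistence-jpa` are switched to `${demoiselle.version}`. `${version}` is a deprecated alias of `${project.version}` that Maven warns about, and it resolves against whichever module inherits this POM, not against one pinned framework version. Using `${demoiselle.version}` for all four entries would pin every module to the same release and keep the managed dependency set predictable. Element names are not visible in this rendering, so this assumes the property added in the second hunk is `demoiselle.version`.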
@@ -1,59 +0,0 @@
-/*
- * Demoiselle Framework
- *
- * License: GNU Lesser General Public License (LGPL), version 3 or later.
- * See the lgpl.txt file in the root directory or .
- */
-package org.demoiselle.jee.ws.jaxrs;
-
-import java.util.logging.Logger;
-import javax.annotation.PostConstruct;
-import javax.inject.Inject;
-import javax.ws.rs.client.ClientRequestContext;
-import javax.ws.rs.client.ClientRequestFilter;
-import javax.ws.rs.client.ClientResponseContext;
-import javax.ws.rs.client.ClientResponseFilter;
-import javax.ws.rs.container.ContainerRequestContext;
-import javax.ws.rs.container.ContainerRequestFilter;
-import javax.ws.rs.container.ContainerResponseContext;
-import javax.ws.rs.container.ContainerResponseFilter;
-import javax.ws.rs.container.PreMatching;
-import javax.ws.rs.ext.Provider;
-
-/**
- *
- * @author 70744416353
- */
-@Provider
-@PreMatching
-public class JaxRsFilter implements ClientRequestFilter, ClientResponseFilter, ContainerRequestFilter, ContainerResponseFilter {
-
- @Inject
- private Logger LOG;
-
- @Override
- public void filter(ClientRequestContext requestContext) {
- }
-
- @Override
- public void filter(ClientRequestContext requestContext, ClientResponseContext responseContext) {
- }
-
- @Override
- public void filter(ContainerRequestContext requestContext) {
- }
-
- @Override
- public void filter(ContainerRequestContext requestContext, ContainerResponseContext response) {
- response.getHeaders().putSingle("Demoiselle", "3.0.0");
- response.getHeaders().putSingle("Access-Control-Allow-Origin", "*");
- response.getHeaders().putSingle("Access-Control-Allow-Methods", "OPTIONS, GET, POST, PUT, DELETE");
- response.getHeaders().putSingle("Access-Control-Allow-Headers", "Content-Type");
- }
-
- @PostConstruct
- public void init() {
- LOG.info("Demoiselle Module - Rest");
- }
-
-}
diff --git a/demoiselle-rest/src/main/java/org/demoiselle/jee/ws/jaxrs/filter/JaxRsFilter.java b/demoiselle-rest/src/main/java/org/demoiselle/jee/ws/jaxrs/filter/JaxRsFilter.java
new file mode 100644
index 0000000..48bcf80
--- /dev/null
+++ b/demoiselle-rest/src/main/java/org/demoiselle/jee/ws/jaxrs/filter/JaxRsFilter.java
@@ -0,0 +1,59 @@
+/*
+ * Demoiselle Framework
+ *
+ * License: GNU Lesser General Public License (LGPL), version 3 or later.
+ * See the lgpl.txt file in the root directory or .
+ */
+package org.demoiselle.jee.ws.jaxrs.filter;
+
+import java.util.logging.Logger;
+import javax.annotation.PostConstruct;
+import javax.inject.Inject;
+import javax.ws.rs.client.ClientRequestContext;
+import javax.ws.rs.client.ClientRequestFilter;
+import javax.ws.rs.client.ClientResponseContext;
+import javax.ws.rs.client.ClientResponseFilter;
+import javax.ws.rs.container.ContainerRequestContext;
+import javax.ws.rs.container.ContainerRequestFilter;
+import javax.ws.rs.container.ContainerResponseContext;
+import javax.ws.rs.container.ContainerResponseFilter;
+import javax.ws.rs.container.PreMatching;
+import javax.ws.rs.ext.Provider;
+
+/**
+ *
+ * @author 70744416353
+ */
+@Provider
+@PreMatching
+public class JaxRsFilter implements ClientRequestFilter, ClientResponseFilter, ContainerRequestFilter, ContainerResponseFilter {
+
+ @Inject
+ private Logger LOG;
+
+ @Override
+ public void filter(ClientRequestContext requestContext) {
+ }
+
+ @Override
+ public void filter(ClientRequestContext requestContext, ClientResponseContext responseContext) {
+ }
+
+ @Override
+ public void filter(ContainerRequestContext requestContext) {
+ }
+
+ @Override
+ public void filter(ContainerRequestContext requestContext, ContainerResponseContext response) {
+ response.getHeaders().putSingle("Demoiselle", "3.0.0");
+ response.getHeaders().putSingle("Access-Control-Allow-Origin", "*");
+ response.getHeaders().putSingle("Access-Control-Allow-Methods", "OPTIONS, GET, POST, PUT, DELETE");
+ response.getHeaders().putSingle("Access-Control-Allow-Headers", "Content-Type");
+ }
+
+ @PostConstruct
+ public void init() {
+ LOG.info("Demoiselle Module - Rest");
+ }
+
+}
diff --git a/demoiselle-security/pom.xml b/demoiselle-security/pom.xml
index 73fbd2c..8db57cc 100644
--- a/demoiselle-security/pom.xml
+++ b/demoiselle-security/pom.xml @@ -14,7 +14,7 @@ org.demoiselle.jee demoiselle-parent 3.0.0-BETA1-SNAPSHOT - ../demoiselle-parent + diff --git a/demoiselle-security/src/main/java/org/demoiselle/jee/security/exception/AuthenticationException.java b/demoiselle-security/src/main/java/org/demoiselle/jee/security/exception/AuthenticationException.java deleted file mode 100644 index 0e616b8..0000000 --- a/demoiselle-security/src/main/java/org/demoiselle/jee/security/exception/AuthenticationException.java +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Demoiselle Framework - * - * License: GNU Lesser General Public License (LGPL), version 3 or later. - * See the lgpl.txt file in the root directory or . - */ -package org.demoiselle.jee.security.exception; - -/** - *

- * Thrown when the mecanism responsible for the entire authentication lifecycle fails. - *

- * - * @author SERPRO - */ -public class AuthenticationException extends SecurityException { - - private static final long serialVersionUID = 1L; - - /** - *

- * Constructor with message. - *

- * - * @param message exception message - */ - public AuthenticationException(String message) { - super(message); - } - - /** - *

- * Constructor with the cause. - *

- * - * @param cause exception cause - */ - public AuthenticationException(Throwable cause) { - super(cause); - } - - /** - *

- * Constructor with message and cause. - *

- * - * @param message exception message - * @param cause exception cause - */ - public AuthenticationException(String message, Throwable cause) { - super(message, cause); - } -} diff --git a/demoiselle-security/src/main/java/org/demoiselle/jee/security/exception/AuthorizationException.java b/demoiselle-security/src/main/java/org/demoiselle/jee/security/exception/AuthorizationException.java deleted file mode 100644 index bd033af..0000000 --- a/demoiselle-security/src/main/java/org/demoiselle/jee/security/exception/AuthorizationException.java +++ /dev/null @@ -1,42 +0,0 @@ -/* - * Demoiselle Framework - * - * License: GNU Lesser General Public License (LGPL), version 3 or later. - * See the lgpl.txt file in the root directory or . - */ -package org.demoiselle.jee.security.exception; - -/** - *

- * Thrown when a fail on trying to access some resource and/or execute an - * operation without the proper authorization. - *

- * - * @author SERPRO - */ -public class AuthorizationException extends SecurityException { - - private static final long serialVersionUID = 1L; - - /** - *

- * Constructor with message. - *

- * - * @param message exception message - */ - public AuthorizationException(String message) { - super(message); - } - - /** - *

- * Constructor with the cause. - *

- * - * @param cause exception cause - */ - public AuthorizationException(Throwable cause) { - super(cause); - } -} diff --git a/demoiselle-security/src/main/java/org/demoiselle/jee/security/exception/DemoiselleSecurityException.java b/demoiselle-security/src/main/java/org/demoiselle/jee/security/exception/DemoiselleSecurityException.java index 641a2d1..9533dcd 100644 --- a/demoiselle-security/src/main/java/org/demoiselle/jee/security/exception/DemoiselleSecurityException.java +++ b/demoiselle-security/src/main/java/org/demoiselle/jee/security/exception/DemoiselleSecurityException.java @@ -22,6 +22,12 @@ public class DemoiselleSecurityException extends DemoiselleRESTException { super(string); this.statusCode = 401; } + + public DemoiselleSecurityException(String string, int statusCode) { + super(string); + this.statusCode = statusCode; + } + public int getStatusCode() { return statusCode; diff --git a/demoiselle-security/src/main/java/org/demoiselle/jee/security/exception/InvalidCredentialsException.java b/demoiselle-security/src/main/java/org/demoiselle/jee/security/exception/InvalidCredentialsException.java deleted file mode 100644 index c011487..0000000 --- a/demoiselle-security/src/main/java/org/demoiselle/jee/security/exception/InvalidCredentialsException.java +++ /dev/null @@ -1,50 +0,0 @@ -/* - * Demoiselle Framework - * - * License: GNU Lesser General Public License (LGPL), version 3 or later. - * See the lgpl.txt file in the root directory or . - */ -package org.demoiselle.jee.security.exception; - -import javax.enterprise.inject.spi.CDI; -import org.demoiselle.jee.core.annotation.literal.NameQualifier; -import org.demoiselle.jee.core.util.ResourceBundle; - -/** - *

- * Thrown when the user's credentials are invalid. - *

- * - * @author SERPRO - */ -public class InvalidCredentialsException extends AuthenticationException { - - private static final long serialVersionUID = 1L; - - public InvalidCredentialsException() { - super(CDI.current().select(ResourceBundle.class, new NameQualifier("demoiselle-core-bundle")).get().getString("invalid-credentials")); - } - - /** - *

- * Constructs an InvalidCredentialsException with a message. - *

- * - * @param message exception message. - */ - public InvalidCredentialsException(String message) { - super(message); - } - - /** - *

- * Constructor with message and cause. - *

- * - * @param message exception message. - * @param cause exception cause. - */ - public InvalidCredentialsException(String message, Throwable cause) { - super(message, cause); - } -} diff --git a/demoiselle-security/src/main/java/org/demoiselle/jee/security/exception/NotLoggedInException.java b/demoiselle-security/src/main/java/org/demoiselle/jee/security/exception/NotLoggedInException.java deleted file mode 100644 index bb95a83..0000000 --- a/demoiselle-security/src/main/java/org/demoiselle/jee/security/exception/NotLoggedInException.java +++ /dev/null @@ -1,32 +0,0 @@ -/* - * Demoiselle Framework - * - * License: GNU Lesser General Public License (LGPL), version 3 or later. - * See the lgpl.txt file in the root directory or . - */ -package org.demoiselle.jee.security.exception; - -/** - *

- * Thrown when trying to access some resource or execute an operation that requires authentication. - *

- * - * @author SERPRO - */ -public class NotLoggedInException extends DemoiselleSecurityException { - - private static final long serialVersionUID = 1L; - - /** - *

- * Constructs an NotLoggedInException with a message. - *

- * - * @param message exception message - */ - public NotLoggedInException(String message) { - super(message); - } - - -} diff --git a/demoiselle-security/src/main/java/org/demoiselle/jee/security/exception/SecurityException.java b/demoiselle-security/src/main/java/org/demoiselle/jee/security/exception/SecurityException.java deleted file mode 100644 index 3dd394c..0000000 --- a/demoiselle-security/src/main/java/org/demoiselle/jee/security/exception/SecurityException.java +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Demoiselle Framework - * - * License: GNU Lesser General Public License (LGPL), version 3 or later. - * See the lgpl.txt file in the root directory or . - */ -package org.demoiselle.jee.security.exception; - -import org.demoiselle.jee.core.exception.DemoiselleException; - -/** - * SecurityException is the superclass of those exceptions that can - * be thrown due to any security related issue. - * - * @author SERPRO - */ -public class SecurityException extends DemoiselleException { - - private static final long serialVersionUID = 1L; - - /** - * Constructs an SecurityException with the specified detail - * message. - * - * @param message the detail message. - */ - SecurityException(String message) { - super(message); - } - - /** - * Constructor with the cause. - * - * @param cause exception cause - */ - SecurityException(Throwable cause) { - super(cause); - } - - /** - * Constructor with message and cause. - * - * @param message exception message - * @param cause exception cause - */ - SecurityException(String message, Throwable cause) { - super(message, cause); - } -} diff --git a/demoiselle-security/src/main/java/org/demoiselle/jee/security/impl/DemoisellePrincipalImpl.java b/demoiselle-security/src/main/java/org/demoiselle/jee/security/impl/DemoisellePrincipalImpl.java index 582d862..a91a646 100644 --- a/demoiselle-security/src/main/java/org/demoiselle/jee/security/impl/DemoisellePrincipalImpl.java 
+++ b/demoiselle-security/src/main/java/org/demoiselle/jee/security/impl/DemoisellePrincipalImpl.java @@ -91,7 +91,7 @@ public class DemoisellePrincipalImpl implements DemoisellePrincipal { @Override public String toString() { - return "DemoisellePrincipalImpl{" + "id=" + id + ", name=" + name + ", roles=" + roles + ", permissions=" + permissions + '}'; + return "DemoisellePrincipal{" + "id=" + id + ", name=" + name + ", roles=" + roles + ", permissions=" + permissions + '}'; } } diff --git a/demoiselle-security/src/main/java/org/demoiselle/jee/security/impl/SecurityContextImpl.java b/demoiselle-security/src/main/java/org/demoiselle/jee/security/impl/SecurityContextImpl.java index 1ab26ab..79c3aa4 100644 --- a/demoiselle-security/src/main/java/org/demoiselle/jee/security/impl/SecurityContextImpl.java +++ b/demoiselle-security/src/main/java/org/demoiselle/jee/security/impl/SecurityContextImpl.java @@ -6,16 +6,14 @@ */ package org.demoiselle.jee.security.impl; -import java.util.Iterator; -import java.util.Map; -import java.util.stream.Collectors; import javax.enterprise.context.Dependent; import javax.inject.Inject; +import javax.ws.rs.core.Response; import org.demoiselle.jee.core.interfaces.security.DemoisellePrincipal; -import org.demoiselle.jee.security.exception.NotLoggedInException; import org.demoiselle.jee.core.interfaces.security.SecurityContext; import org.demoiselle.jee.core.interfaces.security.TokensManager; +import org.demoiselle.jee.security.exception.DemoiselleSecurityException; import org.demoiselle.jee.security.message.DemoiselleSecurityMessages; /** 
@@ -33,20 +31,20 @@ public class SecurityContextImpl implements SecurityContext { @Inject private TokensManager tm; - @Inject - private DemoiselleSecurityMessages bundle; - /** * @see org.demoiselle.security.SecurityContext#hasPermission(String, * String) */ @Override public boolean hasPermission(String resource, String operation) { - return (tm.getUser().getPermissions().entrySet() + if ((tm.getUser().getPermissions().entrySet() .stream() .filter(p -> p.getKey().equalsIgnoreCase(resource)) .filter(p -> p.getValue().equalsIgnoreCase(operation)) - .count() > 0); + .count() <= 0)) { + return false; + } + return true; } /** @@ -54,7 +52,10 @@ public class SecurityContextImpl implements SecurityContext { */ @Override public boolean hasRole(String role) { - return (tm.getUser().getRoles().parallelStream().filter(p -> p.equals(role)).count() > 0); + if (tm.getUser().getRoles().parallelStream().filter(p -> p.equals(role)).count() <= 0) { + return true; + } + return false; } /** @@ -62,14 +63,7 @@ public class SecurityContextImpl implements SecurityContext { */ @Override public boolean isLoggedIn() { - return tm.validate(); - } - - @Override - public void checkLoggedIn() throws NotLoggedInException { - if (!isLoggedIn()) { - throw new NotLoggedInException(bundle.userNotAuthenticated()); - } + return getUser() != null; } @Override diff --git a/demoiselle-security/src/main/java/org/demoiselle/jee/security/interceptor/LoggedInInterceptor.java b/demoiselle-security/src/main/java/org/demoiselle/jee/security/interceptor/LoggedInInterceptor.java index c7133a3..928a130 100644 --- a/demoiselle-security/src/main/java/org/demoiselle/jee/security/interceptor/LoggedInInterceptor.java +++ b/demoiselle-security/src/main/java/org/demoiselle/jee/security/interceptor/LoggedInInterceptor.java 
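Review bot: The rewritten hasPermission dereferences `tm.getUser()` with no null check, while the isLoggedIn hunk of this same file treats a null user as "not logged in". An unauthenticated call would therefore likely end in a NullPointerException instead of returning false, assuming `getUser()` and `tm.getUser()` return the same principal; getUser's body is outside the hunk. hasRole in the next hunk has the same shape. A guard ahead of the stream, `DemoisellePrincipal user = tm.getUser(); if (user == null) { return false; }`, makes the check fail closed. The `count() <= 0` / `return false` / `return true` ladder also reads more directly as `anyMatch(p -> p.getKey().equalsIgnoreCase(resource) && p.getValue().equalsIgnoreCase(operation))`.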
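Review bot: hasRole now returns `true` when the stream finds no matching role (`count() <= 0`) and `false` when it finds one, the opposite of the removed `count() > 0` expression. RequiredRoleInterceptor in this commit collects the roles for which `hasRole` is true and throws when none were collected, so as written a caller lacking every required role is let through and a caller holding one is rejected. The body should be `return tm.getUser().getRoles().stream().anyMatch(p -> p.equals(role));`, since nothing here needs `parallelStream()`. A unit test asserting both a held and a missing role would pin the intended direction.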
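Review bot: isLoggedIn() no longer calls `tm.validate()` and now reports logged-in whenever `getUser()` is non-null. getUser's body is outside the hunk, so whether it still verifies the token cannot be confirmed from here. If it only returns the principal held by the TokensManager, `@LoggedIn` would pass on the mere presence of a principal and not on a validated token. Either keep the validation, `return tm.validate() && getUser() != null;`, or add a comment on the method stating where token validation now happens.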
@@ -12,8 +12,12 @@ import javax.interceptor.AroundInvoke; import javax.interceptor.Interceptor; import javax.interceptor.InvocationContext; import java.io.Serializable; +import java.util.logging.Logger; +import javax.ws.rs.core.Response; import org.demoiselle.jee.security.annotation.LoggedIn; import org.demoiselle.jee.core.interfaces.security.SecurityContext; +import org.demoiselle.jee.security.exception.DemoiselleSecurityException; +import org.demoiselle.jee.security.message.DemoiselleSecurityMessages; /** *

@@ -32,9 +36,14 @@ public class LoggedInInterceptor implements Serializable { @Inject private SecurityContext securityContext; + @Inject + private DemoiselleSecurityMessages bundle; + @AroundInvoke public Object manage(final InvocationContext ic) throws Exception { - securityContext.checkLoggedIn(); + if (!securityContext.isLoggedIn()) { + throw new DemoiselleSecurityException(bundle.userNotAuthenticated(), Response.Status.UNAUTHORIZED.getStatusCode()); + } return ic.proceed(); } } diff --git a/demoiselle-security/src/main/java/org/demoiselle/jee/security/interceptor/RequiredPermissionInterceptor.java b/demoiselle-security/src/main/java/org/demoiselle/jee/security/interceptor/RequiredPermissionInterceptor.java index 8ca994b..f2ad807 100644 --- a/demoiselle-security/src/main/java/org/demoiselle/jee/security/interceptor/RequiredPermissionInterceptor.java +++ b/demoiselle-security/src/main/java/org/demoiselle/jee/security/interceptor/RequiredPermissionInterceptor.java @@ -6,8 +6,6 @@ */ package org.demoiselle.jee.security.interceptor; -import org.demoiselle.jee.security.exception.AuthorizationException; - import javax.annotation.Priority; import javax.interceptor.AroundInvoke; import javax.interceptor.Interceptor; @@ -15,12 +13,15 @@ import javax.interceptor.InvocationContext; import java.io.Serializable; import java.util.logging.Logger; import javax.inject.Inject; +import javax.ws.rs.core.Response; import org.demoiselle.jee.core.annotation.Name; import org.demoiselle.jee.core.interfaces.security.DemoisellePrincipal; import org.demoiselle.jee.core.util.ResourceBundle; import org.demoiselle.jee.core.util.Strings; import org.demoiselle.jee.security.annotation.RequiredPermission; import org.demoiselle.jee.core.interfaces.security.SecurityContext; +import org.demoiselle.jee.security.exception.DemoiselleSecurityException; +import org.demoiselle.jee.security.message.DemoiselleSecurityMessages; /** *

@@ -43,7 +44,7 @@ public class RequiredPermissionInterceptor implements Serializable { private DemoisellePrincipal loggedUser; @Inject - private ResourceBundle bundle; + private DemoiselleSecurityMessages bundle; @Inject private Logger logger; @@ -73,15 +74,15 @@ public class RequiredPermissionInterceptor implements Serializable { if (securityContext.isLoggedIn()) { username = loggedUser.getName(); - logger.finest(bundle.getString("access-checking", username, operation, resource)); + logger.finest(bundle.accessCheckingPermission(username, operation, resource)); } if (securityContext.hasPermission(resource, operation)) { - logger.severe(bundle.getString("access-denied", username, operation, resource)); - throw new AuthorizationException(bundle.getString("access-denied-ui", resource, operation)); + logger.severe(bundle.doesNotHavePermission(username, operation, resource)); + throw new DemoiselleSecurityException(bundle.doesNotHavePermission(username, operation, resource), Response.Status.UNAUTHORIZED.getStatusCode()); } - logger.fine(bundle.getString("access-allowed", username, operation, resource)); + logger.fine(bundle.accessAllowed(username, operation, resource)); return ic.proceed(); } diff --git a/demoiselle-security/src/main/java/org/demoiselle/jee/security/interceptor/RequiredRoleInterceptor.java b/demoiselle-security/src/main/java/org/demoiselle/jee/security/interceptor/RequiredRoleInterceptor.java index 424b470..636a1da 100644 --- a/demoiselle-security/src/main/java/org/demoiselle/jee/security/interceptor/RequiredRoleInterceptor.java +++ b/demoiselle-security/src/main/java/org/demoiselle/jee/security/interceptor/RequiredRoleInterceptor.java @@ -6,8 +6,6 @@ */ package org.demoiselle.jee.security.interceptor; -import org.demoiselle.jee.security.exception.AuthorizationException; - import javax.annotation.Priority; import javax.interceptor.AroundInvoke; import javax.interceptor.Interceptor; 
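Review bot: The guard `if (securityContext.hasPermission(resource, operation))` in manage is a context line this commit keeps, and the rewritten body under it logs `doesNotHavePermission` and throws. With hasPermission returning true for a matching permission (as SecurityContextImpl implements it in this commit), the denial fires for callers who hold the permission and everyone else falls through to `ic.proceed()`; the condition should read `if (!securityContext.hasPermission(resource, operation))`. The status passed should be `Response.Status.FORBIDDEN.getStatusCode()`, since 401 signals missing authentication and this branch is an authorization failure. The exception message now reuses the log text that includes `username`, where the removed code used a separate `access-denied-ui` text for the caller; a client-facing message without the account name would avoid echoing it in responses. manage starts outside the hunk.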
@@ -19,10 +17,13 @@ import java.util.List; import java.util.logging.Logger; import javax.inject.Inject; +import javax.ws.rs.core.Response; import org.demoiselle.jee.core.interfaces.security.DemoisellePrincipal; import org.demoiselle.jee.core.util.ResourceBundle; import org.demoiselle.jee.security.annotation.RequiredRole; import org.demoiselle.jee.core.interfaces.security.SecurityContext; +import org.demoiselle.jee.security.exception.DemoiselleSecurityException; +import org.demoiselle.jee.security.message.DemoiselleSecurityMessages; /** *

@@ -45,7 +46,7 @@ public class RequiredRoleInterceptor implements Serializable { private DemoisellePrincipal loggedUser; @Inject - private ResourceBundle bundle; + private DemoiselleSecurityMessages bundle; @Inject private Logger logger; @@ -70,28 +71,26 @@ public class RequiredRoleInterceptor implements Serializable { public Object manage(final InvocationContext ic) throws Exception { List roles = getRoles(ic); + String username = null; + if (securityContext.isLoggedIn()) { - logger.info( - bundle.getString("has-role-verification", loggedUser.getName(), roles)); + username = loggedUser.getName(); } List userRoles = new ArrayList(); for (String role : roles) { if (securityContext.hasRole(role)) { + logger.finest(bundle.accessCheckingRole(username, role)); userRoles.add(role); } } if (userRoles.isEmpty()) { - logger.severe( - bundle.getString("does-not-have-role", loggedUser.getName(), roles)); - - throw new AuthorizationException(bundle.getString("does-not-have-role-ui", roles)); + logger.severe(bundle.doesNotHaveRole(username, roles.toString())); + throw new DemoiselleSecurityException(bundle.doesNotHaveRole(username, roles.toString()), Response.Status.UNAUTHORIZED.getStatusCode()); } - logger.fine(bundle.getString("user-has-role", loggedUser.getName(), userRoles)); - return ic.proceed(); } diff --git a/demoiselle-security/src/main/java/org/demoiselle/jee/security/message/DemoiselleSecurityMessages.java b/demoiselle-security/src/main/java/org/demoiselle/jee/security/message/DemoiselleSecurityMessages.java index b680d13..0ce88f2 100644 --- a/demoiselle-security/src/main/java/org/demoiselle/jee/security/message/DemoiselleSecurityMessages.java +++ b/demoiselle-security/src/main/java/org/demoiselle/jee/security/message/DemoiselleSecurityMessages.java 
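Review bot: In manage, when `securityContext.isLoggedIn()` is false the code only leaves `username` null and still calls `securityContext.hasRole(role)` for every role, which per the SecurityContextImpl hunk dereferences `tm.getUser()`. An unauthenticated request would then likely fail with a NullPointerException, or produce a "null" username in the message, instead of a clean 401. An early `if (!securityContext.isLoggedIn()) { throw new DemoiselleSecurityException(bundle.userNotAuthenticated(), Response.Status.UNAUTHORIZED.getStatusCode()); }` before the loop covers that case. The missing-role branch should then use `Response.Status.FORBIDDEN.getStatusCode()`. The `accessCheckingRole` line is logged only after `hasRole` has already returned true, so it would read better placed before the check.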
@@ -12,8 +12,28 @@ import org.apache.deltaspike.core.api.message.MessageTemplate; @MessageBundle public interface DemoiselleSecurityMessages { - @MessageTemplate("{user-not-authenticated}") - String userNotAuthenticated(); + @MessageTemplate("{access-checking-permission}") + String accessCheckingPermission(String usuario, String operacao, String recurso); + @MessageTemplate("{access-checking-role}") + String accessCheckingRole(String usuario, String role); -} \ No newline at end of file + @MessageTemplate("{access-allowed}") + String accessAllowed(String usuario, String operacao, String recurso); + + @MessageTemplate("{access-denied}") + String accessDenied(String usuario, String operacao, String recurso); + + @MessageTemplate("{user-not-authenticated}") + String userNotAuthenticated(); + + @MessageTemplate("{invalid-credentials}") + String invalidCredentials(); + + @MessageTemplate("{does-not-have-role}") + String doesNotHaveRole(String usuario, String role); + + @MessageTemplate("{does-not-have-permission}") + String doesNotHavePermission(String usuario, String operacao, String recurso); + +} diff --git a/demoiselle-security/src/main/resources/org/demoiselle/jee/security/message/DemoiselleSecurityMessages.properties b/demoiselle-security/src/main/resources/org/demoiselle/jee/security/message/DemoiselleSecurityMessages.properties index fc646ec..6bbad13 100644 --- a/demoiselle-security/src/main/resources/org/demoiselle/jee/security/message/DemoiselleSecurityMessages.properties +++ b/demoiselle-security/src/main/resources/org/demoiselle/jee/security/message/DemoiselleSecurityMessages.properties 
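Review bot: `accessAllowed(String usuario, String operacao, String recurso)` takes the operation before the resource, but the `access-allowed` template added in DemoiselleSecurityMessages.properties names the resource first ("acessou o recurso %s com a a\u00e7\u00e3o %s"). The removed template handled this with `{2}` and `{1}`; with plain `%s` the two values are swapped in the access log, which weakens it as an audit record. If the bundle is interpolated with `String.format`-style formatting, as the `%s` placeholders suggest, explicit indexes fix it: `access-allowed=O usu\u00e1rio %1$s acessou o recurso %3$s com a a\u00e7\u00e3o %2$s`. The new methods also carry no Javadoc; a one-line comment per method stating the argument order the template expects would keep the two files aligned.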
@@ -1,12 +1,8 @@
-adding-message-to-context=Adicionando uma mensagem no contexto: [{0}]
-access-checking=Verificando permiss\u00e3o do usu\u00e1rio {0} para executar a a\u00e7\u00e3o {1} no recurso {2}
-access-allowed=O usu\u00e1rio {0} acessou o recurso {2} com a a\u00e7\u00e3o {1}
-access-denied=O usu\u00e1rio {0} n\u00e3o possui permiss\u00e3o para executar a a\u00e7\u00e3o {1} no recurso {2}
-access-denied-ui=Voc\u00ea n\u00e3o est\u00e1 autorizado a executar a a\u00e7\u00e3o {1} no recurso {0}
-authorizer-not-defined=Nenhuma regra de resolu\u00e7\u00e3o de permiss\u00f5es foi definida. Para utilizar @{0} \u00e9 preciso definir a propriedade frameworkdemoiselle.security.authorizer.class como regra de resolu\u00e7\u00e3o de permiss\u00f5es desejada no arquivo demoiselle.properties.
+access-checking-permission=Verificando permiss\u00e3o do usu\u00e1rio %s para executar a a\u00e7\u00e3o %s no recurso %s
+access-checking-role=Verificando permiss\u00e3o do usu\u00e1rio %s para a role %s
+access-allowed=O usu\u00e1rio %s acessou o recurso %s com a a\u00e7\u00e3o %s
+access-denied=O usu\u00e1rio %s n\u00e3o possui permiss\u00e3o para executar a a\u00e7\u00e3o %s no recurso %s
 user-not-authenticated=Usu\u00e1rio n\u00e3o autenticado
 invalid-credentials=Usu\u00e1rio ou senha inv\u00e1lidos
-has-role-verification=Verificando se o usu\u00e1rio {0} possui a(s) role(s)\: {1}
-does-not-have-role=Usu\u00e1rio {0} n\u00e3o possui a(s) role(s)\: {1}
-does-not-have-role-ui=Para acessar este recurso \u00e9 necess\u00e1rio ser {0}
-user-has-role=Usu\u00e1rio {0} possui a(s) role(s)\: {1}
\ No newline at end of file
+does-not-have-role=Usu\u00e1rio %s n\u00e3o possui a role\: %s
+does-not-have-permission=Usu\u00e1rio %s n\u00e3o possui a permiss\u00e3o para executar a a\u00e7\u00e3o %s no recurso %s
diff --git a/pom.xml b/pom.xml
index 1401f5e..47025eb 100644
--- a/pom.xml
+++ b/pom.xml
@@ -66,13 +66,13 @@ demoiselle-parent demoiselle-core + demoiselle-configuration demoiselle-persistence-jpa demoiselle-rest demoiselle-security demoiselle-security-token demoiselle-security-basic demoiselle-security-jwt - demoiselle-configuration -- libgit2 0.21.2